OWASP LA Monthly Dinner Meeting - March 28, 2018

OWASP Los Angeles - Open Web Application Security Project

Cornerstone OnDemand

1601 Cloverfield Boulevard · Santa Monica

How to find us

Parking is available and free after 6pm; parking will not be validated.



Incorporating Security Practices into Business Processes.
Ira Winkler, President, Secure Mentem
Dr. Tracy Celaya, President and Principal Consultant, Go Consulting International

(We will also have a special opening talk by Svavar Ingi Hermannsson, who will be flying in from Iceland to share his thoughts with us).

This talk will share how you can ensure that security is not just bolted on to business operations, but is an integral part of them. When people fail from a security perspective, everyone seems to blame the users. Part of the consistent failing is that organizations expect users to do their job, and somehow know what security to implement into the process on their own. This presentation will talk about how to build security behaviors into organizational policies and procedures, and therefore into practice.

The methodology proposed would also be associated with the development of web apps to ensure all security concerns and processes are embedded during the development and maintenance of web apps.

Ira Winkler, CISSP, is President of Secure Mentem and author of Advanced Persistent Security. He is considered one of the world’s most influential security professionals and has been named a “Modern Day James Bond” by the media. He performs espionage simulations, where he physically and technically “breaks into” some of the largest companies in the world, investigates crimes against them, and tells them how to cost-effectively prevent them. Winkler won the Hall of Fame award from the Information Systems Security Association, as well as several other prestigious industry awards. Most recently, CSO Magazine named Winkler a CSO Compass Award winner as the Awareness Crusader.

Tracy Celaya is credited with 17 years of expertise in program/project management, organizational development, change management, performance consulting and leadership, with her research in cloud computing and human resources. In addition to consulting, Celaya is an InfoSec Sr. Program Manager at American Airlines and a US Air Force Veteran with a background in electronic intelligence. Celaya has a doctorate in management and organizational leadership, a master of business administration, a bachelor of science in information technology, and is currently a member of ISACA, ISSA, WITI, SHRM, PMI and NAWBO.

Opening talk by Svavar Ingi Hermannsson:
Title: Rethinking IT Security
This talk provides provocative new ways of looking at IT security and how we can realistically solve the lack of IT security long term. It is frequently said that people have a problem seeing the trees from the forest, but this talk inverts the saying and implies that it seems to be hard for people to see the forest from the trees. It points out that people have been looking for solutions addressing IT security within their own companies or environments, instead of thinking of ways to address and solve it on a large scale. The talk is partially based on the speaker's book, which was published in June of last year. The author will introduce the “Eyjafjallajökull” methodology.

Svavar Ingi Hermannsson is one of Iceland’s leading experts in information security. He has been specializing in IT security and software development for the last 20 years and has held various roles in programming and IT security consulting, with vast experience in penetration testing, vulnerability assessment, code auditing, and information security management, including ISO/IEC 27001, PCI DSS and PA-DSS. These roles include a manager position at KPMG, as well as a CISO position at one of the leading mobile payment application companies in Iceland. Svavar has taught classes at the University of Iceland and the University of Reykjavik.

Svavar is a lifetime member of OWASP and holds various certifications, including CISSP, CISA and CISM.