About us
Steel City Information Security, LLC was established on October 1st, 2014, but has been meeting as a users’ group since October 30th, 2012. This group has a heavy focus on socialization and informal discussion at every event, and is open to anyone, regardless of their age, abilities, gender, or occupation.
This group hosts three different types of events - presentations, informal networking events, and hands-on labs. All of our events are driven by specific technologies or novel ideas, and you can find details regarding our events, discussion boards, and additional information on our website. This group is listed on the DEFCON Groups website as DC412 and is the only netsec CitySec Meetup in Pittsburgh. Steel City Information Security, LLC does not and will never accept funds in exchange for presentation slots or vendor booths. All presentations are screened to ensure that they are vendor-agnostic and absent of language that could be construed as an attempt to sell any service or product.
Please feel free to give me your thoughts and input about this group and I look forward to meeting all of you at an upcoming event.
- Jon Zeolla
Steel City Information Security, LLC
Upcoming events
1
Pittsburgh ISSA March Meeting
Hackers Guild PGH, 2247 Babcock Blvd, Pittsburgh, PA, USJoin us on March 17th, 2026!
Featured Speaker: Matt Tolbert
Topic: Establishing an Effective Risk Appetite Using the FAIR Framework
Organizations struggle with defining a clear, actionable risk appetite—one that aligns business objectives with measurable, defensible cybersecurity decisions. This session brings clarity to that challenge through the internationally recognized FAIR (Factor Analysis of Information Risk) model, a quantitative framework designed to help leaders understand, measure, and communicate cyber risk in financial terms.About the Presentation
Matt Tolbert will break down what makes a risk appetite effective, not just documented. Drawing on industry guidance and his experience presenting on cyber risk appetite at major conferences, he will explore:
• How FAIR provides a common language and structure for defining risk appetite
• Why quantitative metrics outperform vague labels like low, medium, and high
• How to establish thresholds, KPIs, and KRIs that align with business priorities
• Practical steps for integrating FAIR into governance, reporting, and decision‑making
This session is ideal for security leaders, risk managers, analysts, and anyone responsible for communicating risk to executives or boards. FAIR’s structured approach helps eliminate ambiguity and ensures stakeholders share a consistent understanding of risk tolerance and tradeoffs.About the Speaker Matt Tolbert | LinkedIn
Matt Tolbert is a respected cybersecurity and risk specialist known for his work on cyber risk appetite development. He has presented on this topic at industry events, including sessions focused on establishing effective cyber risk appetite and aligning it with organizational strategy. His expertise spans risk quantification, cloud security considerations, and the development of meaningful KPIs, KRIs, and compliance thresholds.
Matt’s background and thought leadership make him uniquely equipped to guide organizations seeking to modernize their risk management programs using FAIR.Thank You to Our Sponsor ZScaler | Victor Zayac
This meeting is proudly sponsored by ZScaler (www.zscaler.com). We extend our sincere thanks to Victor Zayac LinkedIn and ZScaler for supporting the Pittsburgh ISSA community and making this event possible. Their partnership helps us continue delivering high‑value educational sessions and fostering meaningful professional connections.Date: Tuesday, February 17, 2026
Time: 5:30 PM – 7:00 PM (Presentation starts at 6:00 PM)
Location: Hackers Guild PGH - 2247 Babcock Blvd - Pittsburgh, PA 15237Who Should Attend
Security engineers, vulnerability analysts, CISOs, SOC teams, researchers, and anyone responsible for assessing or prioritizing security risk will find this session especially valuable.4 attendees
Past events
108
