ISSA Los Angeles

Wed, Nov 19 · 5:30 PM PST

Aligning Risk and Security to What the Business Really Wants

Hermosa Brewing Company Torrance, 1855 Del Amo Blvd, Torrance, CA, US

You must register and pay to attend: https://www.eventbrite.com/e/aligning-risk-and-security-to-what-the-business-really-wants-tickets-1764167184539

### Come and network with your friends, make new friends, and hear two great speakers. A buffet dinner will be served and drinks will be available.

Topic One: Beyond Checklists: Aligning Risk and Security to What the Business Really Wants

Security isn’t just about patching holes or passing audits, it’s about knowing where to aim your resources and when to stop. Too often, even well-funded programs stall because they’re chasing every vulnerability without a clear sense of what actually matters to the business.

This session will unpack what it really takes to align security with your organization’s risk appetite. We’ll talk about bridging the gap between security, IT, and the board, shifting from “we don’t want a breach” to defining a true north star that drives strategy, budget, and execution.

You’ll learn how to:
● Translate business risk appetite into actionable security priorities
● Recognize when “enough” risk mitigation is truly enough
● Build strategies that consider budget, IT readiness, and long-term maturity (not just frameworks)

When done right, risk alignment transforms security from a reactive cost center into a disciplined driver of resilience and growth. If you’ve ever wondered, “How do I know my security strategy is aligned, or if we even have one?” this talk is for you. Expect candid insights, real-world examples, and practical takeaways for security leaders at every stage.

Speaker One: Gus Anagnos

Gus Anagnos is the Chief Operations Officer and CISO at Cyber Defense Group (CDG), where he oversees corporate strategy, delivery operations, account management, and customer success. With over 25 years of transformative leadership experience, Gus has excelled in translating technology into business value.

Previously, Gus served as the CISO at USC, leading key security initiatives and implementing a comprehensive cybersecurity program. Gus has also held senior roles at Synack, Inc., eBay, PayPal, IndyMac Bancorp, Marsh & McLennan and General Motors Corporation, establishing transformative programs and working with Fortune 500 companies and government agencies. He has a bachelor's degree in finance and an MBA.

Topic Two: Zero Trust Cyber Security Framework (ZTCSF)

Today’s IT infrastructure is dominated by organizations that have either fully migrated to the cloud or adopted a hybrid IT model, alongside transitioning to a hybrid work environment. The Zero Trust Cyber Security Framework represents a change in thinking from traditional perimeter-based security models to a more robust, identity-centric approach. Unlike legacy systems that assume trust within network boundaries, Zero Trust operates on the principle of “never trust, always verify.” It enforces strict access controls, continuous authentication, and granular authorization for every user, device, and application, regardless of location. This framework integrates technologies such as multi-factor authentication (MFA), micro-segmentation, and real-time threat analytics to minimize attack surfaces and prevent lateral movement within networks. By adopting Zero Trust, organizations can enhance resilience against modern cyber threats, including insider risks and advanced persistent threats (APTs), while supporting secure remote work and cloud environments.

This presentation explores the core principles, architectural components, implementation challenges, and best practices for deploying Zero Trust in enterprise ecosystems, covering all infrastructure resources that should be protected by implementing ZTCSF.

You will learn:

• All of the infrastructure endpoint protections that need to be secured and protected.
• How to start with the Zero Trust Cyber Security Framework.
• Who is responsible for Zero Trust Cyber Security Framework adoption and governance.

Speaker Two: Prabhat Nigman

Prabhat is Global CTO at Golden Five, Inc., which is a MSFT AOSG & Solution Partner, CMMC RPO, ESP, MSSP, MSP, CSP, Supplier, and Education partner.

He has 25+ years of experience architecting secure enterprise environments across Azure, Microsoft 365, and hybrid infrastructures. He has worked for all the big IT giants, where he has led Global teams. He helps design solutions for private messaging clouds, mergers, collaborations between different messaging software, and other migration & deployment projects for: Office 365, Azure, AWS, Exchange, SQL, ADFS, MFA, FIM, MIM, and others.

He is a 3-time Microsoft MVP Award winner, an active member of the FBI InfraGard, and a member of ISSA. He holds an MBA in IT.