CiNPA - Security SIG
Details
Meeting Topic:
Topic 1: Dave Hatter: Mitigating the Privacy and Security Risks of “Citizen Development”
Topic 2: Mike Schuetter: Good Grief Charlie Brown! Cascading Failures in a Defense in Depth Strategy
Mitigating the Privacy and Security Risks of “Citizen Development”
Digital transformation is driving the demand for rapid application development up exponentially. To satisfy the demand, organizations are increasingly embracing “Citizen Development”. Non-technical users can leverage low-code tools and platforms to build and deploy software solutions with limited or no programming expertise. These low-code solutions can pose significant security and privacy challenges that must be addressed to prevent data breaches and compliance issues.
We will discuss popular low-code tools and platforms used for Citizen Development, examine the challenges of managing Citizen Development, and explore the threats and risks of Citizen Development. We will look at policies and procedures to ensure compliance with industry regulations and cybersecurity standards, as well as best practices for securing these tools and their output, including security awareness training for Citizen Developers.
This presentation will provide an in-depth understanding of the privacy and cybersecurity risks associated with Citizen Development and equip attendees with the knowledge and tools needed to effectively secure their organizations’ Citizen Development programs.
- Understanding Citizen Development
- Privacy Risks in Citizen Development
- Security Risks in Citizen Development
- Regulatory Compliance Challenges
- Reducing the Citizen Development Risk
- Building a Secure Citizen Development Program
- Q&A
Good Grief Charlie Brown! Cascading Failures in a Defense in Depth Strategy
Leveraging a real-world scenario, Mike will walk us through an incident from the attacker's perspective. As the story twists and turns, we will focus on how our perception of our security architecture does not always align with reality. For the big finish, Mike summarizes the lessons learned to shore up our defenses and reduce the possibility of similar attacks in the future.
Speaker bios:
Dave Hatter: An accomplished, enthusiastic, award-winning technology leader with over 30 years of software development, cybersecurity, and project management experience. Dave is a lifelong learner earning many industry certifications including CISSP, CISA, CISM, CCSP, CSSLP, Security+, Network+, MS Azure Fundamentals, PMP, PMI-ACP, PMI-PBA, PSM 1, PSD 1, and ITIL Foundation V3. He earned a BS in Information Systems from NKU and has written or contributed to 12 technology books, has written more than 100 technology-related articles, been quoted in many publications, made thousands of guest appearances on radio and TV, and testified as a technology expert in cybersecurity before House and Senate committees in the Kentucky Legislature.
Mike Schuetter is the Chief Information Security Officer at Encore Technologies. He joined Encore in 2016 in its second month of operation to build the Information Security Program and now leads both corporate IT and cybersecurity for the technology and data center services company.
Prior to Encore, Mike Schuetter built and managed several technical and organizational security assessment practices. Additionally, Mike Schuetter designed, built, and recruited staff for several security operations centers for a Fortune 500 company that is also a large defense contractor. These experiences yielded lessons such as: success is a community effort, it is all about the “company you keep”, and process matters as much as technology.
About Us:
The CiNPA Security SIG is the Cincinnati Networking Professionals Association Security Special Interest Group. We meet monthly on the third Thursday of each month, starting at 6:30 p.m.
The CiNPA Security SIG's monthly meeting format typically consists of one or two main monthly meeting topics featuring live presentations or demonstrations promoting open and interactive group discussions. Our focus is primarily on the technical aspects of InfoSec, but we occasionally touch on other areas of cybersecurity as well. Information security news, announcements, and round-table discussions follow our main meeting topics.
Attendee Benefits:
• Attendance qualifies for 2 hours of CPE or CEU credit towards certification renewals
• Maintaining awareness of new vulnerabilities and exploits
• Learning about the latest security tools, utilities, products, services, solutions, strategies, techniques, frameworks, and best practices
• Sharing of information regarding trends concerning enterprise systems and technology
• Hearing announcements of upcoming area security conferences and events
• Networking with peers in the local Information Security (InfoSec) community