Metro Atlanta ISSA
Annual Conference

Nov. 11, 2009

Magnify Your Security

Metro Atlanta ISSA 2009 Information Security Conference
Sessions and Speakers

Herb Mattord,
Kennesaw State University
Re-Thinking Risk Management
Ever wondered if the dominant tools and techniques used in risk management are simply 'wrong' in some fundamental way? I sure have, and so have quite a few others. In this session we will outline what we do now 'because we always do it that way' and why people think this may not be the best approach. We will wrap up with some advice from these folks on how we might do it better.

Herb completed 24 years of IT industry experience before joining the faculty at Kennesaw State University in 2002. He was the Manager of Corporate Information Technology Security at Georgia-Pacific Corporation, where much of the practical knowledge found in this textbook was acquired. He is currently on the Faculty at Kennesaw State University where he teaches undergraduate courses in Information Security, Data Communications, and Local Area Networks, and he is the co-author of several books published by Course Technology and an active researcher in information security management topics.
Prat Moghe,
Netezza Data Compliance
Automating the Auditing and Compliance Lifecycle
Companies of all sizes and in all verticals need to ensure the privacy of sensitive information stored in their databases. But many companies use manual processes and controls to address compliance regulations. Unfortunately, this approach is labor intensive, error prone and expensive. Tight budgets often persuade companies to continue using their inefficient manual approaches. Join this session to learn how to deploy an automated and secure auditing and compliance solution to save money with a clear ROI.

Prat Moghe is the founder of Tizor, who led the launch of its product into the data auditing market. Now at Netezza Data Compliance, Prat is an acknowledged thought leader in the compliance, security, networking, and systems management space and is widely quoted on identity theft and emerging security trends. He is also the author of the security industry's first data auditing blog at blog.tizor.com. Prat has several patents pending or granted, and has published numerous papers in conferences and journals. He holds a PhD in Electrical Engineering from UCLA. Prat is a TiE Charter Member and is active in mentoring other entrepreneurs.
Melanie Morris,
Manheim
Leading an Information Security Program in a Privately Held Company
How do you establish a security governance organization in a private company with minimum regulatory drivers? This session will explore a risk-based approach to information security that proactively assesses risk and vulnerabilities based on business need and business risk tolerance, not just a reactive and technology-focused one (i.e. patch management, incident response, anti-virus, and disaster recovery). A risk-based approach allows the information security group to better align security priorities with business drivers, service level obligations, and laws and regulatory directives.

Melanie has over two decades of experience in information security and networking/systems integration, nationally and internationally. She is currently the Manager of Information Security for Manheim, a wholly owned subsidiary of Cox Enterprises, Inc. Prior to joining the Cox organization, Melanie worked for merchant energy and investment management organizations and as a senior-level security consultant in the US and Europe. Throughout her 20+ years in Information Technology she has amassed an extensive background in information security governance, security engineering, networking, and server engineering. She has completed numerous professional certification programs, including CISSP and ISSAP.
Sanjay Raja,
Crossbeam Systems
Infrastructure Consolidation: Understanding the Security Obstacles Moving to Virtualization
Companies of all sizes and in all verticals need to ensure the privacy of sensitive information stored in their databases. But many companies use manual processes and controls to address compliance regulations. Unfortunately, this approach is labor intensive, error prone and expensive. Tight budgets often persuade companies to continue using their inefficient manual approaches. Join this session to learn how to deploy an automated and secure auditing and compliance solution to save money with a clear ROI.

Sanjay Raja has more than 15 years of experience in computer networking, with 10 years in product management, marketing, and sales focused on Network Security Solutions and Testing. At Crossbeam, Sanjay is responsible for delivering Best-of-Breed security applications on Crossbeam’s Network Security Platforms. Prior to Crossbeam, Sanjay held various Product Management and Marketing roles in companies such as Arbor Networks, Top Layer Networks and Spirent Communications. Sanjay has authored several papers and articles on network testing (including security) and network security technologies. Sanjay started out in Embedded Software Development for companies such as Cabletron Systems and 3Com. Sanjay has a B.S. in Electrical Engineering and an M.B.A. from Worcester Polytechnic Institute.
Mike Scott,
Wendy's/Arby's Group, Inc.
Vulnerability Management & Risk Reduction
With vulnerabilities being discovered at an ever-increasing rate and the shift from plus day exploits to rapidly evolving minus day exploitation, how do you protect your environment? This session will highlight the evolution of threats and vulnerability management as seen from a Fortune 1000 organization with almost 2800 remote locations and 1000's of remote users. Topics will include an intimate view into the challenges of my own organization and what we have found to be the most effective.

Mike is the Director of Information Security for Wendy's/Arby's Group, responsible for all facets of Information Security including Data Privacy, PCI Compliance, and Vulnerability Management. Mike has been in the Information Technology field for over 17 years with 13 years of Information Security focused experience. He has numerous professional certifications including GSLC, GCIM, CISM, and CISSP. Mike also served as an Intelligence Specialist in the US Navy and we are honored to have him on the program on Veterans Day.
Tom Spalthoff,
Protegrity
Beyond PCI Compliance: Forward Looking Data Protection Strategies
Attacks perpetrated by people with trusted insider status (employees, ex-employees, contractors and business partners) pose a greater threat to organizations in terms of potential cost per occurrence and total potential cost than attacks mounted from outside. This session will discuss examples of these kinds of attacks, some of the regulations evolving to address these risks, and a layered approach to data protection to strengthen a risk profile.

Tom is a seasoned technical expert with over 15 years in the software industry. Tom holds a BS in Information Science from Drexel University and an MS in Intelligent Systems from the University of Pittsburgh. Tom has spent the past 5 years in the enterprise application and data security industry.
Michael Sutton,
Zscaler
Delivering Security Services in the Cloud
From securing e-mail and web traffic to anti-virus engines and delivering vulnerability scanning, numerous security functions can now be obtained in a service model, delivered by third parties. Tough economic times are a selling point for such services. But what is the true cost? Are short term cost savings outweighed by the hidden costs associated with outsourcing security? As such, we'll consider the challenges inherent in delivering cloud offerings among different segments of the security industry.

As VP of Security Research, Michael heads Zscaler Labs, the research and development arm of the company. Michael's past experience included the Security Evangelist for SPI Dynamics and the Research Director at iDefense. Michael has authored numerous articles and is the co-author of Fuzzing: Brute Force Vulnerability Discovery. Michael holds a Master's degree in Information Systems Technology from George Washington University and a Bachelor of Commerce from the University of Alberta.
Roy Wilkinson,
Imagitech Consulting
ISSA Leadership Roundtable
This session is intended for past, present, and future leaders to get together in a relaxed setting to share ideas, challenges, questions, and previous successes with the goal of helping everyone's chapter or association succeed, and aiding attendees in becoming better leaders. Topics: Membership retention and recruitment, Event planning, Running meetings, Current ISSA activities, and other topics or challenges brought by the participants.

The session will be led by Roy Wilkinson, two-term President of the Metro Atlanta Chapter of ISSA, and current Eastern US regional representative on the ISSA International Chapter Presidents Advisory Council. He is currently Chief Security Officer for a technology consulting firm with an international clientele, and is President of a licensed private investigation and security agency.