Breaking into Information Security - Panel Discussion
To become a security professional, you need a certain mix of experience, knowledge, and skills. While Information Security is by no means an entry-level career field, that doesn’t mean it’s impossible to break into the field. A formal degree aside, hands-on experience gained in the security trenches is invaluable. A solid education and a foundation in systems administration, engineering and/or development are part of the "apprenticeship" that every security professional goes through. The key to making this type of transition is learning and understanding security issues and finding a way to apply the knowledge. Join our conversation as we discuss at length the skills, background, and experience needed to help you break into the Information Security industry.
Deborah Cheek, EVP & CISO, Enterprise Compliance & Audits Cybersecurity Management, Claims Recovery Financial Services LLC
Deborah Flynt, Global Information Security Officer, Carestream
Mark Leary, Vice President, Chief Information Security Officer, Conduent
Patrick Stack, CISO and IT Director, Enterprise Architecture, Eastman Kodak Company
PCI in the Sky - Running Secure Workloads in the Public Cloud
Almost 20 percent of today's enterprises are running over 1,000 VMs in the public cloud, but properly securing them, and doing so in a way that successfully addresses compliance requirements, continues to be a challenge. This session looks at best practice approaches (and pitfalls to avoid) in building and operating secure, compliant workloads in the public cloud. Topics surveyed will include identity management, software-defined networking, logging and monitoring, encryption and key management, digital certificates and certificate authorities, auditing and reliance, and more!
Jim Raub, CISA and Vice President of Infrastructure, EagleDream Technologies
Jim Raub is the CISO and Vice President of Infrastructure at EagleDream Technologies. In a career spanning 25 years, Jim has successfully delivered hundreds of IT solutions across dozens of industry sectors on four continents. Whether managing cross-functional teams or developing a complex security architecture, Jim utilizes a strong customer focus to leverage technology and deliver positive business impact for his clients. He also serves as a virtual CISO for organizations ranging from small tech startups to large global corporations. In a previous role, Jim built a leading-edge IT governance organization at a Fortune 500 company, encompassing security and compliance, and was also responsible for large segments of infrastructure and support. Jim received his B.S. in Computer Science from Syracuse University, has taught dozens of classes at local colleges and businesses, and holds multiple certifications from ISC2, ISACA, Microsoft, Cisco, IBM, Toastmasters and other professional organizations.
Emerging Cyber Threats and Developing a Cyber-Focused Audit Strategy
“The purpose for developing and executing a cyber and information security focused audit strategy is to develop an independent, consolidated view of your organization’s cyber & information security posture. The attending audience will receive working knowledge, ideas, and direction for developing or enhancing a focused cyber security audit approach, including areas for consideration such as ongoing risk intelligence and monitoring, identifying and assessing emerging threats based on their ability to impact critical business activities through multiple delivery or communication channels (ex. voice, network, internet, applications, and servers) and evaluating emerging security investments, in terms of technology, placement, and process.”
Shamus McMahon, CISA, CISSP, Senior Audit Manager, Technology Audit, Key Bank
Shamus McMahon has been developing, leading, and managing technology audit and risk management projects and teams for nearly 20 years. Shamus has developed a broad perspective across various audit, operations, governance, and security disciplines, and has working exposure to multiple industries, including financial services, retail, and real estate. Shamus joined KeyBank in 2010, with primary responsibilities for assessing and advising on strategic technology projects, IT investment governance, security & technology risk management and offshore sourcing. His responsibilities at KeyBank have evolved into managing technology audit teams in the areas of infrastructure and security, with specific responsibilities for the development and execution of a focused cyber security audit strategy.
Prior to joining KeyBank, Shamus held a variety of technology audit, risk, security and compliance leadership and management positions at publicly traded companies within the financial services, real estate, and retail sectors. Shamus is a Certified Information Systems Auditor (CISA) and a Certified Information Systems Security Professional (CISSP). He holds a Bachelor of Science in Business Administration (BSBA) in Management from Clarion University of Pennsylvania, and a Master in Business Administration (MBA) from Cleveland State University.
What you need to know about security bug reporting, hackers, vendors, and how they all interact.
David Frier, CISSP, CISM
• David C Frier, CISSP, CISM, other stuff
• Client Security Manager for Atos, serving Xerox’s Infrastructure
  ◦ …but I speak only for myself, not for Atos!
• Been doing Information Security for a dozen years
• IT of one sort or another for Jack Benny’s age
• Avid player of poker and Ingress, enthusiastic rider of a Trek.