Zoom Online meeting RSVP Required – register at Zoom
Measuring how well you are managing Information Security
Walter B. Williams (CISSP, SSCP)
We create controls to manage the risk of a compromise of availability, integrity, confidentiality, privacy, control, authenticity, and utility to the organization for which we are responsible. To understand if the controls are effective, you have to measure their performance against goals established for each control against the risk tolerance of the organization. This sounds good on paper, but is one of the hardest things to get right in the management of an information security program. We’ll examine what NIST, CIS, and ISO have to say regarding the measurement of our controls, and how to construct metrics. We’ll look at how to identify the applicable controls for each risk to your organization. We’ll construct metrics for completeness of implementation, for effectiveness, and for adverse impact to your organization for those controls and look at ways to map these back to the risks your organization is managing.
Walter has served as an infrastructure and security architect at firms as diverse as GTE Internetworking, State Street Corp, Teradyne, The Commerce Group and EMC. He has since moved to security leadership, where he’d served as at IdentityTruth, Passkey, Lattice Engines, and Monotype. He is an outspoken proponent of design before build, an advocate of frameworks and standards, and has spoken at Security B-Sides, Source Boston, Boston Application Security Conference, Rochester Security Summit, Wall of Sheep Village within DefCon, RiskSec Toronto and other venues. His articles on Security and Service Oriented Architecture have appeared in the Information Security Management Handbook, and he has a book with CRC Press on the same topic. He has a book on How to Create an Information Security Program from Scratch which will be available for purchase on September 15. He sat on the board of directors for the New England ISSA chapter and was a member of the program committee for Metricons 8 and 10. He has a master's degree in Anthropology from Hunter College.
The Ministry of Citizens’ Services of the BC Provincial Government is looking for a Manager of Operations.
Ministry of Citizens’ Services Victoria
Manager of Operations $77,700.20 – $110,000.05 annually
The Manager of Operations will oversee and manage the Access and Directory Management Services (ADMS) teams that provide the day-to-day operational support for the suite of Access and Directory Management service offerings that are used across the BC Government. This position will be responsible for leading teams of IT professionals within the unit that support identity, access, security, stability, availability, capacity, change and performance management services for ADMS’s systems and technologies.
The BC Public Service is committed to creating a diverse workplace to represent the population we serve and to better meet the needs of our citizens. Consider joining their team and being part of an innovative, inclusive and rewarding workplace.
The Indigenous Applicant Advisory Service is available to applicants that self-identify as Indigenous (First Nations, status or non-status, Métis, or Inuit) seeking work or already employed in the BC Public Service. For advice and guidance on applying and/or preparing for an interview for this opportunity, we invite applicants to connect with the Indigenous Applicant Advisor Amanda by email: IndigenousApplicants@gov.bc.ca or by phone: 778-698-1336.
Qualifications for this role include:
Certificate or higher in the computer science field OR an equivalent combination of education, training and experience may be considered.
Minimum two (2) years’ experience supervising technical staff. Preference may be given to applicants with experience supervising staff in a union environment.
Three (3) years’ experience in technical operations in a complex application environment, supporting a large, diverse, corporate business enterprise with critical system needs. Preference may be given to more years of experience.
Three (3) years’ experience leading and resolving complex staff and/or client issues. Preference may be given to more years of experience.
Minimum One (1) year experience delivering or supporting Identity and Access services.
Minimum One (1) year experience negotiating and managing information technology contracts.
Minimum One (1) year experience in a leadership role that ensures teams provide expert customer service support within a shared service model.
Preference may be given to applicants with:
Experience supporting technical application environments related to Identity and Access.
Experience supporting Identity and Access service offerings related to any of the following: MS Azure, MS Azure AD, SiteMinder, MFA, Azure Conditional Access, Keycloak.
Experience managing information technology contracts within a Government environment.