June 10th, 2022 meeting

DATE: June 10th, 2022
TIME: 2:00pm to 4:00pm (PST)
VENUE: Zoom Online meeting
RSVP Required – register at Zoom
TOPIC: Value Assurance: A Novel Approach to Information Security Programs in Organizations
PRESENTER: Sabino Marquez
RECORDING:

ABSTRACT

The evolution of Information Security from a technical sub-discipline of IT to a strategic enabler of stakeholder value continues unabated. Join Sabino as he discusses innovations in Information Security management and outlines a novel program that places InfoSec squarely “in the business” where it can directly influence the value conversation. Value Assurance is a management strategy which reframes the Information Security function as a strategic investment that enables the Revenue and Go-to-Market strategies and can drive higher valuations at equity events. By aligning the assurance mandate to value and communicating assurance wins in revenue terms, assurance leaders can lead from behind to help accelerate revenue velocity, enable market differentiation, materially increase stakeholder trust, and ultimately help to boost valuation.

BIOGRAPHY

Sabino is an experienced assurance leader who empowers organizations through the strategic governance of their Information Security and Value Assurance programs. A natural entrepreneur and storyteller, Sabino brings over 20 years of experience in the B2B SaaS and Retail Banking sectors to help organizations create and defend ultimate value for their stakeholders. You can learn more about Sabino and his approach to leading the assurance practice here and here.

September 10th, 2021 meeting

DATE: September 10th, 2021
TIME: 2:00pm to 4:00pm (PDT)
VENUE: Zoom Online meeting
RSVP Required – register at Zoom
TOPIC: Measuring how well you are managing Information Security
PRESENTER: Walter B. Williams (CISSP, SSCP)
RECORDING: Link to recorded presentation

ABSTRACT

We create controls to manage the risk of a compromise of availability, integrity, confidentiality, privacy, control, authenticity, and utility for the organization for which we are responsible. To understand whether the controls are effective, you have to measure their performance against goals established for each control and against the risk tolerance of the organization. This sounds good on paper, but it is one of the hardest things to get right in the management of an information security program. We’ll examine what NIST, CIS, and ISO have to say regarding the measurement of our controls, and how to construct metrics. We’ll look at how to identify the applicable controls for each risk to your organization. We’ll construct metrics for completeness of implementation, for effectiveness, and for adverse impact to your organization for those controls, and look at ways to map these back to the risks your organization is managing.

BIOGRAPHY

Walter has served as an infrastructure and security architect at firms as diverse as GTE Internetworking, State Street Corp, Teradyne, The Commerce Group and EMC. He has since moved to security leadership, where he has served at IdentityTruth, Passkey, Lattice Engines, and Monotype. He is an outspoken proponent of design before build, an advocate of frameworks and standards, and has spoken at Security B-Sides, Source Boston, Boston Application Security Conference, Rochester Security Summit, Wall of Sheep Village within DefCon, RiskSec Toronto and other venues. His articles on Security and Service Oriented Architecture have appeared in the Information Security Management Handbook, and he has a book with CRC Press on the same topic. He has a book on How to Create an Information Security Program from Scratch which will be available for purchase on September 15. He sat on the board of directors for the New England ISSA chapter and was a member of the program committee for Metricons 8 and 10. He has a master’s degree in Anthropology from Hunter College.