Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
The Business of Security Leadership
1. The Business of Security
Leadership
8 July 2016
ISSA Tampa Bay
2. Speaker Bio
ISSA International Board of Directors
Security Executive
U.S. Government Expatriate
Author
Business owner
Mentor
Family guy
Ministry leader
Amateur comedian
Keyaan Williams
Keyaan.Williams@ISSA.org
www.linkedin.com/in/keyaan
4. Updates from the Mother Ship
What is going on at ISSA International?
5. In case you missed it:
2016 International
Conference
November 2-3, 2016
Hyatt Regency Dallas
Registration is Now Open!
6. ISSA International Conference
Early registration is closed, but . . .
•One complimentary registration is available for
each Chapter.
•Have a sponsor rent a bus.
•We still want to see you if you are out of work. We
have volunteer opportunities.
7. ISSA Fellows: 2016 Cycle is now open!
Submit a nomination for a Senior Member,
Fellow, or Distinguished Fellow.
Deadline August 1, 2016 (11:59pm ET)
8. Special Interest Groups (SIGs)
ISSA SIGs offer additional, targeted
opportunities to get involved.
• Security Education and Awareness
• Women In Security
• Financial SIG
• Healthcare SIG
• Cyber Security Career Lifecycle (CSCL)
Want to serve as a liaison? Contact sigs@issa.org
9. ISSA CISO Executive Membership
If you are a CISO,
this is a worthwhile membership level that offers
4 executive sessions per year to collaborate with
other CISOs and security leaders.
10. The Business of Security
Leadership
Some thoughts and perspective about
the role of security in a business.
11. I am not a security leader. Why do I care?
Everyone should care about security –
especially security people.
12. I am not a security leader. Why do I care?
You don’t have to be a security leader to
care about or contribute to security
leadership.
13. I sell security products or services.
Why do I care?
You must have a deep understanding of
your product and your customers to sell it
effectively.
14. What is the main idea?
Information security is not really about . . .
controls, compliance, or technology.
We are focusing on the wrong problem.
15. What is security about?
Security is about equipping the
business to operate with the fewest
possible disruptions.
16. How does security equip the business?
Enhance and support business
initiatives.
17. How does security equip the business?
Protect confidentiality, integrity, and
availability of business processes.
18. How does security equip the business?
Identify threats and provide mitigation
and/or timely remediation.
19. How does security equip the business?
Support resilience of business systems
and services.
20. Where does security leadership start?
Security leadership starts at the top.
Business leaders must agree on governance for
the enterprise before security can contribute to
the process.
Data
management
Enterprise
architecture
BCM BIA Policy
21. Everyone agrees on governance. Now what?
Develop a strategy and clearly define programs
and investments you need to genuinely equip
your business.
23. What do I need to run security like a
business?
Program
Management
Project
Management
Managerial
Accounting
Information
Management
Negotiation Collaboration
25. This applies to everyone, not just security leaders.
Business is about business, and security just contributes.
Security must operate like a business unit to support the
business effectively.
If you aren’t familiar with something we discussed, do
research and learn more.