North Texas ISSA CISO Roundtable
Moderator and Panelists
David Stanton (Moderator) – ISSA Executive Forums Director
Chris Ray (Panelist) – CISO, Epsilon
Parrish Gunnels (Panelist) – CISO, Invitation Homes
Ron Mehring (Panelist) – CISO, Texas Health Resources
Roundtable Topic
Threat Against Our Well Being – The Most Effective Methods in Combating and Responding to the Cyber Attack
Objective
This ISSA Executive Roundtable will discuss various topics relevant to current threats against our Nation, our industries,
our businesses, our customers, and us as individuals. This session will include topics around phishing / malware,
emerging security strategies and standards, offshoring / third party risk management, incident responses around cloud
technologies, personal privacy, and counter response tactics.
Event Sponsor
CISO Roundtable – Agenda and Topics
• Chapter Announcements (5 – 10 minutes)
• Roundtable Introductions (5 – 10 minutes)
• Topics (80 minutes)
o Current cyber threats against our organizations (Anthem, Sony, Target, Home Depot, etc.)
o Various methods for reducing exposure to these threats
o Attacks against us as individuals
o Protecting and tracking sensitive data
o Emerging technologies demanded by the business (BYOD, Cloud Services, etc.)
• Questions from the Audience (5 – 10 minutes)
• Closing and Drawings
About Me
David Stanton, ISSA Executive Forum Director, Security & Privacy Director at Protiviti,
and regularly acting in senior security roles for various clients (Moderator)
David has more than 16 years of IT and IT Security consulting experience and received a BBA in Managerial Information Systems from Baylor University. He joined the Protiviti Dallas office in the IT Consulting practice focusing on Security and Privacy in 2013. Prior to Protiviti, David held the position of Data Protection and Privacy lead for a Fortune Global 500 consulting firm, acted as interim Chief Information Security Officer for a large entertainment company, and was previously Information Security Officer (ISO) for a top 5 US credit union. Currently, David is also the ISSA Executive Forums Director, is the senior security leader for a local Healthcare Provider, and regularly speaks to large audiences around top-of-mind security topics (including Cloud Security, Third Party Risk Management, Forensics / Incident Handling, and Cyber Threats).
Powerful Insights. Proven Delivery.™
Phone: +1.214.850.7051
david.stanton@protiviti.com
David Stanton
Director, Security and Privacy
Dallas, TX
Risk Consulting & Advisory
Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance,
technology, operations, governance, risk, and internal audit. Through our network of more than 70 offices
in over 20 countries, we have served more than 35 percent of FORTUNE® 1000 and Global 500
companies. We also work with smaller, growing companies, large multi-national corporations, as well as
with educational institutions and government agencies.
Protiviti – Who we are
[Service-offering graphic with the labels: Embedded Internal Control; Program and Project Management; Managing Applications; Managing the Business of IT; IT Security; Business and Finance; Operations Improvement; Strategic and Operational Risk; Internal Audit; Sourcing & Consulting; Restructuring & Financing; Forecasting & Business Planning; IT Consulting; Governance, Risk & Audit; Regulatory Compliance; Finance & Performance; Integrated Performance & Risk Management]
We help clients improve performance and manage risks. We believe in combining business insight and entrepreneurial spirit with experience and pragmatism. Now more than ever, this combination is essential for growing value whilst retaining control.
Protiviti IT Consulting Offerings at a Glance
What are Cyber Attacks?
The term cyber attack describes the recent surge of internet-sourced attacks focused on affecting business operations, causing reputational harm, degrading eCommerce, stealing digital assets, and conducting espionage against foreign entities.
These attacks are usually motivated by financial, political, reputational, and personal interests in causing physical or logical harm.
Rule of Thumb – What is important to you or to your company is likely of value to, and a target of, someone else.
The Story of the Attack
[Attack lifecycle diagram; stages as extracted, in the order shown:]
• Initial Compromise
• Establish Foothold
• Escalate Privileges
• Complete Mission
• Move Laterally
• Maintain Presence
Who did they get and how?
[Chart: Who are the victims? Categories: Manufacturing, Transportation, and Utilities; Information and Professional Services Firms; Retail Environments; Financial Institutions; Larger Organizations. Bar values as extracted, in the order shown: 11%, 8%, 11%, 34%, 25%.]
[Chart: How do the breaches occur? Categories: Privileged Misuse and Abuse; Social Tactics; Physical Attacks; Malware; Hacking; Error. Bar values as extracted, in the order shown: 11%, 31%, 13%, 55%, 88%, 2%.]
Source: 2014 Verizon Data Breach Investigations Report, State of Cybersecurity: Implications for 2015
Who is after us and Why?
[Chart: Who is the attacker? Categories: Business Partners; Multiple Parties; Insiders; State-affiliated Actors; Outsiders. Bar values as extracted, in the order shown: 1%, 7%, 13%, 18%, 90%.]
[Chart: What are the trends in attackers? Series: External (Trend), Internal (Trend), Partner (Trend); years 2008 to 2013; vertical axis from -20% to 100%.]
Source: 2014 Verizon Data Breach Investigations Report, State of Cybersecurity: Implications for 2015
How to Respond?
Monitor – Build capabilities that identify anomalies quickly and accurately. Establish a baseline.
Protect – Build a set of layers to protect infrastructure based upon risk.
Resilient – Build elastic and flexible capabilities that can compensate for each other and adapt to new threats.
Awareness – Improve internal and external awareness around capabilities. Be smart about what you share externally.
About Our Panelists
Parrish Gunnels, Sr. Director and CISO of Information Security at Invitation Homes
Parrish has more than 16 years of IT experience in various functions such as business analysis, project management, development, policy and process creation, business continuity management, internal / external audit, risk management and information security. He joined Invitation Homes, a Blackstone company, in February of this year. His experience includes working in multiple industries including financial services, telecommunications, and chemical manufacturing. Over the past few years, he has been focused on developing information security programs and securing existing networks through risk analysis, control definition, and user experience. Parrish holds a Master of Business Administration from Texas Christian University and certifications as a Professional Project Manager (PMP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), and Certified Information Systems Security Professional (CISSP).
Chris Ray, SVP and CISO at Epsilon, Inc.
Since November 2011 and as CISO of Epsilon, Chris oversees many facets of information security, including security operations, incident response, identity management and regulatory compliance. Prior to Epsilon, Chris was the CISO at Aflac Corporation for 7½ years and responsible for Information Security and Software Change Management. He also started and oversaw the first infosec department at Healthsouth Corporation. Finally, Chris served as an active duty United States Air Force (USAF) enlisted airman and then officer for 13 years with another 8 years in the active USAF Reserves. He retired in 2009 after 21 years of service. For over a decade, he worked at the Air Force Information Warfare Center conducting global cyber-warfare and cyber-terrorism exercises to provide government agencies information warfare tactics, techniques and procedures. Chris holds a BS in Computer Science from the University of Texas at Austin and a CISSP (Certified Information Systems Security Professional) certification as well as an ISSMP concentration in management.
Ron Mehring, Sr. Director and CISO of Information Security at Texas Health Resources
Ron Mehring serves as the chief information security officer / senior director, information security for Texas Health Resources, one of the largest faith-based, nonprofit health care delivery systems in the United States. At Texas Health Resources, Ron leads IT GRC, security architecture, security operations, and the IT BC/DR program. His current initiatives are focused on improving team performance, improving resiliency management, integrating a threat-management architecture that accounts for present and emerging threats, and maturing a technology risk management program that is aligned with the strategic goals of the organization. Ron holds an MBA in Risk Management from NYIT and is a Certified Information Systems Security Professional (CISSP).

Luncheon 2015-05-21 - CISO Roundtable by David Stanton

  • 1. 1 North Texas ISSA CISO Roundtable Moderator and Panelists David Stanton (Moderator) – ISSA Executive Forums Director Chris Ray (Panelist) – CISO, Epsilon Parrish Gunnels (Panelist) – CISO, Invitation Homes Ron Mehring (Panelist) – CISO, Texas Health Resources Roundtable Topic Threat Against Our Well Being – The Most Effective Methods in Combating and Responding to the Cyber Attack Objective This ISSA Executive Roundtable will discuss various topics relevant to current threats against our Nation, our industries, our businesses, our customers, and us as individuals. This session will include topics around phishing / malware, emerging security strategies and standards, offshoring / third party risk management, incident responses around cloud technologies, personal privacy, and counter response tactics. Event Sponsor
  • 2. 2 CISO Roundtable – Agenda and Topics • Chapter Announcements (5 – 10 minutes) • Roundtable Introductions (5 – 10 minutes) • Topics (80 minutes) o Current cyber threats against our organizations (Anthem, Sony, Target, Home Depot, etc.) o Various methods for reducing exposure to these threats o Attacks against us as individuals o Protecting and tracking sensitive data o Emerging technologies demanded by the business (BYOD, Cloud Services, etc.) • Questions from the Audience (5 – 10 minutes) • Closing and Drawings
  • 3. 3 About Me David Stanton, ISSA Executive Forum Director, Security & Privacy Director at Protiviti, and regularly acting in senior security roles for various clients (Moderator) David has more than 16 years of IT and IT Security consulting experience and received a BBA in Managerial Information Systems from Baylor University. He joined the Protiviti Dallas office in the IT Consulting practice focusing on Security and Privacy in 2013. Prior to Protiviti, David held the position of Data Protection and Privacy lead for a Fortune Global 500 consulting firm, acted as an interim Chief Information Security for a large entertainment company, and was previously Information Security Officer (ISO) for a top 5 US credit union. Currently, David is also the ISSA Executive Forums Director, is the senior security leader for a local Healthcare Provider, and regularly speaks to large audiences around top of mind security topics (including Cloud Security, Third Party Risk Management Forensics / Incident Handling, and Cyber Threats). Powerful Insights. Proven Delivery.™ Phone: +1.214.850.7051 david.stanton@protiviti.com David Stanton Director, Security and Privacy Dallas, TX
  • 4. 4 Risk Consulting & Advisory Protiviti (www.protiviti.com) is a global consulting firm that helps companies solve problems in finance, technology, operations, governance, risk, and internal audit. Through our network of more than 70 offices in over 20 countries, we have served more than 35 percent of FORTUNE® 1000 and Global 500 companies. We also work with smaller, growing companies, large multi-national corporations, as well as with educational institutions and government agencies. Protiviti – Who we are e Embedded Internal ControlProgram and Project Management Managing Applications Managing the Business of IT IT Security Business and Finance Operations Improvement Strategic and Operational Risk Internal Audit Sourcing & Consulting Restructuring & Financing Forecasting & Business Planning IT Consulting Governance, Risk & Audit Regulatory Compliance Finance & Performance Integrated Performance & Risk Management We help clients improve performance and manage risks. We believe in combining business insight and entrepreneurial spirit with experience and pragmatism. Now more than ever, this combination is essential for growing value whilst retaining control.
  • 5. 5 Protiviti IT Consulting Offerings at a Glance
  • 6. 6 Cyber Attacks describes the recent surge of internet sourced attacks focusing on effecting business operations, causing reputation harm, degrading eCommerce, stealing digital assets, and espionage against foreign entities. Usually these attack motivators are driven by financial, political, reputational, and personal interests in creating physical or logical harm. Rule of Thumb – What is important to you or to your company is likely of value to and target of someone else. What are Cyber Attacks?
• 7. The Story of the Attack
Attack lifecycle stages shown on the slide: Initial Compromise → Establish Foothold → Escalate Privileges → Move Laterally → Maintain Presence → Complete Mission
• 8. Who did they get and how?
[Chart: Who are the victims? Categories: Manufacturing, Transportation, and Utilities; Information and Professional Services Firms; Retail Environments; Financial Institutions; Larger Organizations. Bar values as extracted: 11%, 8%, 11%, 34%, 25%.]
[Chart: How do the breaches occur? Categories: Privileged Misuse and Abuse; Social Tactics; Physical Attacks; Malware; Hacking; Error. Bar values as extracted: 11%, 31%, 13%, 55%, 88%, 2%.]
Source: 2014 Verizon Data Breach Investigations Report, State of Cybersecurity: Implications for 2015
• 9. Who is after us and why?
[Chart: Who is the attacker? Categories: Business Partners; Multiple Parties; Insiders; State-affiliated Actors; Outsiders. Bar values as extracted: 1%, 7%, 13%, 18%, 90%.]
[Chart: What is the trend of attackers? Series External (Trend), Internal (Trend), Partner (Trend) across 2008–2013. Values as extracted: External 78%, 72%, 86%, 98%, 92%, 95%; Internal 39%, 48%, 12%, 4%, 14%, 12%; Partner 6%, 6%, 2%, 1%, 1% (one year's value not recovered).]
Source: 2014 Verizon Data Breach Investigations Report, State of Cybersecurity: Implications for 2015
• 10. How to Respond?
Monitor – Build capabilities that identify anomalies quickly and accurately. Establish a baseline.
Protect – Build a set of layers to protect infrastructure based upon risk.
Resilient – Build elastic and flexible capabilities that can compensate for each other and adapt to new threats.
Awareness – Improve internal and external awareness around capabilities. Be smart about what you share externally.
• 11. About Our Panelists
Parrish Gunnels, Sr. Director and CISO of Information Security at Invitation Homes
Parrish has more than 16 years of IT experience in various functions such as business analysis, project management, development, policy and process creation, business continuity management, internal / external audit, risk management and information security. He joined Invitation Homes, a Blackstone company, in February of this year. His experience includes working in multiple industries including financial services, telecommunications, and chemical manufacturing. Over the past few years, he has been focused on developing information security programs and securing existing networks through risk analysis, control definition, and user experience. Parrish holds a Master of Business Administration from Texas Christian University and certifications as a Professional Project Manager (PMP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), and Certified Information Systems Security Professional (CISSP).
Chris Ray, SVP and CISO at Epsilon, Inc.
Since November 2011, as CISO of Epsilon, Chris has overseen many facets of information security, including security operations, incident response, identity management and regulatory compliance. Prior to Epsilon, Chris was the CISO at Aflac Corporation for 7½ years and was responsible for Information Security and Software Change Management. He also started and oversaw the first infosec department at Healthsouth Corporation. Finally, Chris served as an active duty United States Air Force (USAF) enlisted airman and then officer for 13 years, with another 8 years in the active USAF Reserves. He retired in 2009 after 21 years of service. For over a decade, he worked at the Air Force Information Warfare Center conducting global cyber-warfare and cyber-terrorism exercises to provide government agencies with information warfare tactics, techniques and procedures. Chris holds a BS in Computer Science from the University of Texas at Austin and a CISSP (Certified Information Systems Security Professional) certification as well as an ISSMP concentration in management.
Ron Mehring, Sr. Director and CISO of Information Security at Texas Health Resources
Ron Mehring serves as the chief information security officer / senior director, information security for Texas Health Resources, one of the largest faith-based, nonprofit health care delivery systems in the United States. At Texas Health Resources, Ron leads IT GRC, security architecture, security operations, and the IT BC/DR program. His current initiatives are focused on improving team performance, improving resiliency management, integrating a threat-management architecture that accounts for present and emerging threats, and maturing a technology risk management program that is aligned with the strategic goals of the organization. Ron holds an MBA in Risk Management from NYIT and is a Certified Information Systems Security Professional (CISSP).