Aligning Risk and Security to What the Business Really Wants

Come and network with your friends, make new friends, and hear a great speaker. A buffet dinner will be available.

Topic One: Beyond Checklists: Aligning Risk and Security to What the Business Really Wants

Security isn’t just about patching holes or passing audits, it’s about knowing where to aim your resources and when to stop. Too often, even well-funded programs stall because they’re chasing every vulnerability without a clear sense of what actually matters to the business.

This session will unpack what it really takes to align security with your organization’s risk appetite. We’ll talk about bridging the gap between security, IT, and the board, shifting from “we don’t want a breach” to defining a true north star that drives strategy, budget, and execution.

You’ll learn how to:

● Translate business risk appetite into actionable security priorities

● Recognize when “enough” risk mitigation is truly enough

● Build strategies that consider budget, IT readiness, and long-term maturity (not just frameworks)

When done right, risk alignment transforms security from a reactive cost center into a disciplined driver of resilience and growth. If you’ve ever wondered, “How do I know my security strategy is aligned, or if we even have one?” this talk is for you. Expect candid insights, real-world examples, and practical takeaways for security leaders at every stage.

Speaker One: Gus Anagnos

Gus Anagnos is the Chief Operations Officer and CISO at Cyber Defense Group (CDG), where he oversees corporate strategy, delivery operations, account management, and customer success. With over 25 years of transformative leadership experience, Gus has excelled in translating technology into business value.

Previously, Gus served as the CISO at USC, leading key security initiatives and implementing a comprehensive cybersecurity program. Gus has also held senior roles at Synack, Inc., eBay, PayPal, IndyMac Bancorp, Marsh & McLennan and General Motors Corporation, establishing transformative programs and working with Fortune 500 companies and government agencies. He has a bachelor's degree in finance and an MBA.

Because ISSA Los Angeles makes commitments to our facilities well in advance of each event, we regret that we cannot offer any refunds or credits within 72 hours of any of our events. If you cannot attend an event you can send someone in your place as long as they have your written permission.

CPEs: There will be 2 CPE credits for the meeting.

Disclaimer: ISSA-LA reserves the right to alter or delete items from the program in the event of unforeseen circumstances. Material has been prepared for the professional development of ISSA-LA members and others in the IT audit, control, security, and governance community. Neither the presenters nor ISSA-LA can warrant that the use of material presented will be adequate to discharge the legal or professional liability of the members in the conduct of their practices.

All materials used in the preparation and delivery of presentations on behalf of ISSA-LA are original materials created by the speakers, or otherwise are materials which the speakers have all rights and authority to use and/or reproduce in connection with such presentation and to grant the rights to ISSA-LA as set forth in speaker agreement. Subject to the rights granted in the speaker agreement, all applicable copyrights, trade secrets, and other intellectual property rights in the materials are and remain with the speakers. Please note: unauthorized recording, in any form, of presentations and workshops is prohibited.

Permission to be Photographed: By attending this event, the registrant grants permission to be photographed during the event. The resultant photographs may be used by ISSA-LA for future promotion of ISSA-LA’s educational events on ISSA-LA’s web site and/or in printed promotional materials, and by attending this event, the registrant consents to any such use. The registrant understands any use of the photographs will be without remuneration. The registrant also waives any right to inspect or approve the aforementioned use of any photographs now or in the future.