$0 – $20

Central Ohio ISSA Monthly Meeting - February 21, 2018

Event Information

Share this event

Date and Time

Location

Location

Expedient Upper Arlington

5000 Arlington Centre Boulevard

Columbus, OH 43220

View Map

Event description

Description

08:30 – 09:00 – Registration with light breakfast


09:00 - 09:50 – Jon Gorenflo

Title: What Drives Your Security Program?

Abstract: When the chips are down, how does your security organization make decisions? Is it based on the emotional pull of the moment? Your security policy? Is it dollars and cents? Someone’s potential for promotion? Compliance requirements? CNN? Let’s have a deep conversation about why we really do what we do, and how we can ground those decisions in what matters most.

Bio: Jon is the Founder and Principle Consultant of Fundamental Security, a small consulting firm focused on penetration testing, incident response, and strategic security consulting.

He has worked in Information Technology since 2004, and has focused on Information Security since 2006. Most recently, he was the Application Security Testing manager a Fortune 500 Financial Institution, and a Security Architect and Penetration Tester for a Fortune 500 retailer. In all, he has performed security engineering, security architecture, incident response, and penetration testing in the government, retail, and finance.

Passionate about security and leadership, he loves trying to ignite those passions in other people. Jon is proud to have served in the Army Reserve for 11 years, where he became a Warrant Officer and served one tour in Afghanistan. He currently maintains the GCIH, GPEN, GAWN, GMOB, CISSP, and Security+.


10:00 – 10:50 – David McCartney

Title: Why Risk Assessments Matter

Abstract: Risk management is a vital part of a maturing information security program. Peek behind OSU's Enterprise Security Risk Management curtain with data-driven examples of how information security risk is being reduced at OSU. Learn how to use scoring leadership will respond to, how to capture meaningful metrics, and hear what happens when you don’t. Results of our maturing processes will be shared including upcoming program changes, a brief assessment example, sample reporting, and frank discussion of current shortcomings and challenges.

Bio: David has over twenty-one years of experience in demanding information technology settings with a focus on information security over the past twelve years. Strong background in risk management, information assurance, vulnerability scanning and remediation, security policy creation and evangelism, penetration testing, and incident response.

David has presented at DerbyCon, Cornell Cloud Forum, Central Ohio ISSA, (ISC)2 Central Ohio Chapter, The Ohio State University's Cyber Security Day, Security Liaisons, and SecWOG (Security Working Group).


11:00 - 11:50 – Ed McCabe

Title: Meltdown and Spectre - The sky (probably isn't) falling (for most)

Abstract: We’ll look into what the two hottest exploitable vulnerabilities are. We will look at who we believe the two likeliest threat actors will be and who will be impacted (anyone work in cloud environments or surf the web?). We will cover how the two are alike and how they are different and how to address and reduce the potential impact (patching is just the start).

We will also dive into how these can be exploited with a live demonstration, talking about the technical details behind how this happened and what you can do to identify and respond effectively.

Bio: Ed's focus for the past +25 years has been aiding and assisting in the development and management of information security compliance programs to meet regulatory and statutory requirements while ensuring alignment with business needs and organization's vision and focus.

11:50 – 12:00 – Closing Comments


Share with friends

Date and Time

Location

Expedient Upper Arlington

5000 Arlington Centre Boulevard

Columbus, OH 43220

View Map

Save This Event

Event Saved