We all know that people are a central part of the security equation, but how often are they really considered when you’re looking for ways to reduce organizational risk? In this talk we’ll explore what security culture really means and why it’s a critical part of your overall security strategy. We’ll probe attitudes and perspectives that may be crippling your efforts to change behaviors, and review elements of a successful security awareness program. Finally, we’ll take a peek under the hood of your enterprise security policies and review strategies for making them more user friendly – and more enforceable.
Let us help you demystify the human and bring them back to their rightful place at the center of your security strategy–and success.
Presenters:
Glaphre Karolak started out as a help desk technician for a Las
Vegas-based airline in 2008, and showing more talent for writing than
fixing things, she quickly transitioned to documenting departmental
procedures, building IT training, and writing the airline’s first
information security policies. Glaphre was recruited by Caesars
Entertainment as they launched their PCI compliance effort, to lead
development of enterprise security policies and establish a security
awareness program. Glaphre joined Kindred Healthcare in 2015 in a
combined GRC and awareness role, writing policy for ISO 27001
certification, leading implementation of a enterprise document
management system, and building a phishing and awareness program.
Glaphre now writes for the Cybersecurity Engineering team, develops
awareness content and training, and passionately works to transform
security culture one relationship at a time. Glaphre has served as the
Secretary for ISSA Portland Board of Directors since 2017, and served in
the same position for ISSA Las Vegas from 2014-2016. She holds the GSEC
certification and is currently studying for her CISSP.
Brian Ventura is a security leader in the Portland area. Brian works for the City of Portland as an Information Security Architect, focusing on GRC, Education and Awareness. Brian volunteers with the Oregon CyberSecurity Advsory Council: https://cyberoregon.com/, PCC’s CIS Advisory Board and as a Director of Education for ISSA Portland. Brian is also a SANS Instructor, teaching CyberSecurity courses regularly including: Security Essentials, CISSP Certification, CIS Controls and Risk Management. You can find a NIST CSF management tool published on GitHub: https://github.com/brianwifaneye/NIST-CSF, as well as his SANS course schedule: https://www.sans.org/instructors/brian-ventura
Tickets on sale now: