With hundreds of Information Security frameworks available, which one should you choose? What are the advantages to using a framework, and what are the risks for not having one?
Please join ISSA Portland for an interactive leadership panel discussion. You are invited to engage with local leaders on framework lessons learned and best practices.
If you’ve wanted to know more about the value of information security frameworks, from selection, integration, and their alignment with compliance domains, come engage and learn, and bring your questions for the panel!
Register here: https://www.eventbrite.com/e/may-2021-security-frameworks-leadership-panel-discussion-tickets-151748743577 Registration is free for ISSA Members and $10 for non-members.
Framework examples we may discuss:
- NIST Cybersecurity Framework
- Center for Internet Security (CIS)
- Cybersecurity Maturity Model Certification (CMMC)(DOD)
- MITRE ATT&CK
- ISO 27001
- Microsoft
- PCI DSS
- COBIT
- HIPAA
Speaker bios:
TRACI ESTEVE – Director IT Risk and Compliance, The Standard Insurance Company
As Director of Technology Governance and Risk for The Standard in Portland, Oregon, Traci Esteve is committed to protecting the confidentiality, integrity, and availability of information and processing resources. She began her career as a developer and infrastructure engineer. This led to her rise to a premier technical architect at Accenture and to expanding the practice in Asia and Europe. Her journey includes staying home to raise her two sons and serving as an advisor to organizations to increase profitability, maximize customer value, and effectively meet regulatory requirements. She has a BS in Applied Science, MBA certification from Miami University, and a certification in Cybersecurity Risk Management from Harvard University. Traci enjoys cooking with her family, drawing, hiking, and encouraging high-school students to believe in themselves.
LEO HOWELL – Chief Information Security Officer, University of Oregon
Leo Howell is a visionary information technology leader who is passionate about the “I” in IT as he believes that data leveraged as a strategic asset is a competitive benefit to any organization. Leo currently serves as the chief information security officer for the University of Oregon where he practices his balanced approach to cybersecurity – stop the bad guys and empower the good guys to carry out the organization’s mission. Previously, he served in cybersecurity and audit leadership at NC State University. Leo received his B.Sc. in Computer Science and Electronics from the University of the West Indies, and his MBA from NC State University. Leo is a Certified Information Security Professional (CISSP), Certified Information Systems Auditor (CISA) and a proud member of the international honor society Beta Gamma Sigma.
SHANE PERRY – Information Security & Risk Officer, Oregon Public Employees Retirement System (PERS)
In his 7th year at Oregon PERS, Shane Perry is leading the agency’s Information Security and Risk Management Program(s), focused on protecting its member’s data in an ever-changing environment. As the Information Security and Risk Officer, Mr. Perry leads a small team which oversees the security, continuity, and risk challenges for Oregon’s Public Employees Retirement System. Prior to joining Oregon PERS, Mr. Perry lead and managed Information Technology and Cybersecurity functions across various industries including semi-conductor manufacturing, higher-education, private education, and most recently in the public sector. In total, Mr. Perry has over 20 years’ experience in Information Technology and Security Management. Mr. Perry maintains his CISSP certification and holds a Master’s degree in Management of Information Systems from the Westminster College of Salt Lake City, and a Bachelor of Arts degree in Speech Communications from the University of Utah (Go Utes!).
ITZIK KOTLER – CTO and Co-Founder, SafeBreach
A former member of the elite Israel 8200 Intelligence unit, Itzik Kotler served as CTO of Security Art, and led SOC activities and research for Radware (RDWR). He is a well-known security researcher and a frequent speaker at security conferences.
ESTEBAN GUTIERREZ – VP, Information Security & CISO, New Relic, Inc.
Throughout his career, Esteban Gutierrez has approached security challenges with the goal of enabling people to work safely and securely and to help organizations protect what they value. In early roles, he helped create the first enterprise network architecture for the US Army Corps of Engineers, solved security challenges in an e-commerce start-up, and while at Intel worked on cloud security strategy, enterprise risk mitigation, and research on emerging threats. Esteban joined New Relic in 2016 where he is leading the organization as the CISO on a path to cyber-resilience. Esteban is an initial founder of Security BSides Portland (a volunteer driven regional security conference) and is a long-time lead volunteer with Def Con. He is a proud father and lives with his daughter in Portland.