Please register at https://www.eventbrite.com/e/grand-traverse-issa-happy-hour-tickets-591891853467

We look forward to seeing you there.

Register to attend on Eventbrite: https://www.eventbrite.com/e/grand-traverse-issa-november-meeting-tickets-444909725967

ABSTRACT

More than ever, companies are using more of the cloud. They are using more different services from each cloud service provider and more cloud service providers than ever before. However, this migration to the cloud is fraught with peril. The media is full of examples of companies who got it wrong. The default configuration of most cloud services is insecure, primarily to empower exploration by new users. Before an organization can responsibly store sensitive data in the cloud, it must ensure the environment is adequately secured. Can the cloud be made secure enough? Where does one start with this herculean task? I believe that you can, indeed, be more secure in the cloud. This keynote presentation will cover some of the foundational cloud security practices that leading companies have leveraged to provide a very high level of security assurance. We will cover how to get started on this cloud security journey and then how to take it out of the stratosphere

BIO

Kenneth G. Hartman is an independent security consultant based in Traverse City, Michigan. Ken’s motto is “I help my clients earn and maintain the trust of their customers in its products and services.” Toward this end, he consults on a comprehensive program portfolio of technical security initiatives focused on securing client data in the public cloud. Ken has worked for a variety of Cloud Service Providers in Architecture, Engineering, Compliance, and Security Product Management roles.

As a SANS Certified Instructor for SEC488: Cloud Security Essentials and SEC510: Public Cloud Security: AWS, Azure, & GCP, Ken has also been the co-chair of the 2019 SANS Cloud Security Operations Solutions Forum, the 2019 and 2020 SANS Cloud & DevOps Security Summits.

For the previous decade, up until July 2011, he helped to build a start-up company called Visonex into a profitable, nation-wide dialysis-specific electronic medical record using a software-as-a-service (SaaS) business model. In addition to managing the inception and delivery of multiple product innovations, Ken was responsible for all aspects of assuring the security and privacy of both the internal IT systems and the company’s SaaS offerings. Prior to helping launch Visonex, Ken worked as a corporate Electrical Systems Manager for Kraft Foods where he helped to secure the plant floor automation systems.

Ken holds a BS Electrical Engineering from Michigan Technological University and a Master’s Degree in Information Security Engineering from SANS Technology Institute. Ken has earned the CISSP, as well as multiple GIAC security certifications, including the GIAC Security Expert.

Please register at events.netskope.com/grandtraverseissahappyhour.

We look forward to seeing you there.

https://www.eventbrite.com/e/grand-traverse-issa-december-meeting-tickets-221122843377

Rebecca will present “Will Your Office Coffeemaker Bring Down Your Business? Preventing IoT Cybersecurity and Privacy Nightmares“.

New smart technologies are rapidly entering the consumer and business markets, creating new and exciting services, along with new challenges for cybersecurity and privacy professionals. For example, huge amounts of patient data are collected and stored within bio-med devices. Smart toys and digital personal assistants collect, analyze and share data that reveals more about those in associated homes than the home occupants even know about themselves. The smart grid is attaching homes with utilities, smart appliance vendors, PEV owners and others to gain insights into living experiences. Consumers are now walking cash registers, paying for goods by simply being in the vicinity of payment systems. Smart cars and streets transmit data about location, driving habits, and the individuals who are associated. Retailers track the movements of shoppers while digital billboards and mannequins interact with consumers. Drones are live-streaming images within the airspaces where they fly. Vast amounts of data are automatically uploaded to social media sites and cloud servers, where marketing, research and other types of organizations are gobbling it up to data crunch with other data sources to produce vast amounts of new insights into the lives of consumers, patients, along with potential terrorists and crime suspects. Add to this consideration that new smart devices are built to be ubiquitous and unnoticeable.

What are the associated security and privacy risks? Rebecca will offer attendees some cybersecurity and privacy considerations for whenever their organizations ponder the use of IoT devices, as well as when trying to figure out if IoT devices are already within their digital environment. She will also offer some key questions to ask about the use of IoT devices to understand the associated risks, and point to useful resources for identifying requirements for IoT device cybersecurity and privacy risk controls. 

Rebecca is founder (2004) and CEO of The Privacy Professor consultancy and CEO of the Privacy Security Brainiacs SaaS services business she founded in 2020 with her son Noah, with over 25 years of systems engineering, information security, privacy & compliance experience. Rebecca has authored 20 books, just finishing the 20th published by CRC Press titled, “Security & Privacy when Working from Home & Travelling.” She has also written dozens of book chapters and hundreds of articles, and has received numerous awards, including being a top 3 Cybersecurity & Privacy Woman Law Professional of 2020, and being named a top female fighting cybercrime in 2019. Rebecca has her own radio/podcast show, Data Security and Privacy with the Privacy Professor on Voice America. Rebecca also serves as an expert witness and has keynoted on 5 continents. Rebecca is a subject matter expert (SME) in the NIST Cybersecurity for IoT Program team, prior to that was a SME member of the NIST Privacy Framework team for 1 ½ years, and led the NIST Smart Grid privacy team for 8 years. Rebecca was Adjunct Professor for the Norwich University MSISA program for 9 years. Rebecca has earned 11 professional certifications (FIP, CDPSE, CISSP, CIPP/US, CIPT, CIPM, CISM, CISA, FLMI, Ponemon Institute Fellow). Rebecca has Masters and Bachelors degrees in Computer Science, Mathematics and Education, and lives in Des Moines, Iowa, USA.

For more information about Rebecca’s career see https://www.linkedin.com/in/rebeccaherold/. rebeccaherold@rebeccaherold.com. www.privacysecuritybrainiacs.com www.privacyguidance.com

“Data breaches grab headlines. Good security is steady. While many industries have adopted zero-trust strategies to address challenges of the expanded perimeter, many have been wary of this trend and questioned if it is a fit for environments. As this session will cover, new strategies remain firmly rooted in tried-and-true best practices admins have followed for decades. The principles of logical segmentation, least-permissive access, economy of mechanism, adaptive policy controls, and strong authentication are simply evolving to accommodate new use cases rather than being replaced. Join this session for a grounded discussion of the unique needs and concerns for IT and IT Security teams based on real-world examples, and how concepts like device trust and context-aware access can improve security design without leaving crucial inherited or legacy systems out in the cold.”

Prior to his role at Duo Security, Wolfgang led IT and IT security in the healthcare and financial services verticals. He has held VP positions at several consulting firms, leading advisory and assessment practices.

You can follow him on YouTube for more insight on the future of information security.

Learn more at https://www.damianwaltersassociates.com/.

Check out Michael’s bio at https://themikewylie.com.