November 2013 Chapter Meeting

Our November chapter meeting is on Wednesday, November 6th, 2013, at 5:45PM. Please RSVP if you plan on attending!

Engineering Value in an Information Security Practice

Abstract: This platitude is bandied about by security professionals; advice that recognizes the need for customer engagement without describing how to do this. Practitioners are left to rely on their own acumen and interpersonal skills to discern these priorities – a challenge that yields mixed results. This session offers a structured approach to understand business needs, discern their connection to the security program, market that vision in a palatable manner to management, and finally sell the resulting controls to customers.

Attendees will learn about a healthcare organization’s security team that employed branding principles to inform its risk management and control architecture priorities. This allowed the team to create a program that reflected the brand values espoused by its company. The team then employed marketing techniques to promote the program’s value in supporting patient care to management. Lastly, the team socialized its customer-facing controls utilizing sales techniques that respected patients’ needs and concerns.

Speaker biography: Steven F. Fox offers security guidance to ensure compliance with Federal standards and requirements as a Sr. Security Architecture and Engineering Advisor for the U.S. Treasury. He contributes to multiple working groups including the IPv6 transition team, Developer Security Testing workgroup, and the Security and Privacy workgroup. Mr. Fox brings a cross-disciplinary perspective to the practice of information security, combining his experience as a security consultant, a Sr. IT Auditor and a systems engineer with principles from behavioral/organizational psychology to address security challenges. Steven is a syndicated blogger covering IT Governance, Risk Management, and IT-Business fusion topics. His speaking engagements include Blackhat’s Executive Summit, ISSA, ISC2, and ISACA events, SecureWorld Dallas/Detroit, Hacker Halted, Security B-Sides Chicago/Detroit/Las Vegas, and GrrCon. He also volunteers his time to the Ponemon Institute, Security BSides Detroit and the MichSec security organization.


5:45-6:15PM Networking / Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A

Location Information

Metro Health Conference Center
2225 Main Street
Wyoming, MI, 49519