ISSA Intl Women in Security Special Interest Group (WIS SIG)
Technology Leadership – Part IV
Leading The State Of Colorado To Cybersecurity Success
OCT 16 2017
•Ms. Domini Clark
https://www.infosecconnect.com/
WIS SIG CO-CHAIR
Connecting the Information Security Community With Opportunity
Post Your Resume
Find a New Position
Access Our Calendar of Worldwide Security Events
INFO SEC CONNECT
https://www.infosecconnect.com/
Mission: Connecting the World, One Cybersecurity Practitioner at a Time.
Vision: The WIS SIG is committed to developing women leaders globally, building a stronger cybersecurity community fabric, and enabling success across the globe.
Creating Leaders Together: ISSA WIS SIG embraces a spirit of collaboration within its organization and throughout the industry. We partner with organizations to provide leadership programs and services, and challenge these companies to create cybersecurity-oriented professional advancement opportunities for women.
WIS SIG Goals
• Foster the recruitment, retention and promotion of women within the cybersecurity industry
• Enhance women’s career growth by providing professional development events, career path information, mentoring and coaching services, and networking opportunities
• Cultivate leadership and technical competencies for women within the cybersecurity field
• Provide a global cybersecurity forum which recognizes women's professional contributions
• Continuously improve the ISSA WIS SIG's value proposition and ability to attract, develop, and retain a diverse community of women worldwide
Global SIG PARTNERS
Ms. Deanna Boyden
Ms. Domini Clark
Ms. Lisa Jiggetts, Founder, President, and CEO
Mr. Jeff Steiner & Mr. David Leighton
Nanci Schimizzi, Board Member
Ms. Marlene Veum
Ms. Deidre Diamond
Lorena Fimbres & Jeff Terhune & Jeanne Martin & Carole Inge
Nanci Cronk, Account Executive
Paige Needling, President and CEO
Kristen Lamoreaux, Founder, SIM Women
Ms. DeeDee Smartt Lynch, President
Ms. Laurie Wiggins, Founder, President, and CEO
Dori Farah // Director, Workforce & Affinity Alliances
Ms. Jessica Johnson
Global SIG PARTNERS
Ms. Susan Leister
Mr. Casey O’Brien & Ms. Barbara Huffman de Belon
Ms. Vera Lichtenberg & Mr. Scott Martin
Ms. Judy Arteche-Carr
Gustavo Hinojosa, Executive Director, National Cybersecurity Student Association
Mr. David Eber & Ms. Teresa Allison
Ms. Janice Comer Bradley, Ms. Leah Lewis & Mr. Matt LoFiego
Ms. Valerie Barr & Ms. Jodi Tims
Ms. Kathleen Smith
Ms. Melissa Butler
Million Women Mentors
Become A Sponsor
Become A Mentor
Become A Partner
Call to Action Our Structure
5 Pathways to Mentorship
We have surpassed 1 million!
OUR GOAL
Million Women Mentors (MWM), a STEMconnector initiative, aims to increase the number of women and girls entering STEM fields through mentorship, thus increasing their interest and confidence in STEM areas.
stemconnector.org, www.millionwomenmentors.org
2017 WIS SIG Volunteers
Carole Dicker, Principal - FEDROCK Security, LLC. Fedrock Security LLC is in the Security Systems Services business.
Connie Justice, CISSP, Ph.D. Cybersecurity. Clinical Associate Professor of Computer Information Technology. Director of IT Security Education and Experiential Learning, http://livlab.org. Purdue Technical Assistance Program (TAP) Faculty, http://tap.purdue.edu/
Dr. Maxine Henry, PhD MAOM, CGEIT, GRISC, CISA, ITIL. Dr. Henry is a global strategist and consultant focused on the impact of GRC and information technology.
Christy Lodwick, VP of Marketing & Business Development, Tyde Systems, LLC -- Six Sigma Green Belt, Cisco Certified Sales Expert, CyberSAFE, CCNA, HIPAA
2017 WIS SIG Volunteers
Lauren Rousseau-Ball, WIS SIG Volunteer Extraordinaire
Paige Needling: Paige brings 20 years of “in-the-trenches” experience to solve real-world data security and compliance challenges for her clients. She has been recognized as one of the Game Changers in Information Security by HUB Magazine and has been featured in Compliance Weekly and other industry publications. She has shared her expertise as a speaker at ISACA and IIA.
Marlys Rodgers, CISM, MBA: Tenured technology leader experienced in enterprise deployments of cloud, on-premise and mobile (BYOD) for Fortune 100 financial institution. Transitioned career by building on IS/governance work to GRC and now leading risk measurement for global digital wallet company with a focus on info sec/cyber.
Hanna Sicker, CISM, CISSP: Over 25 years of technical and management experience, including 10 years in information security operations. As Head of Global Security and Network Operations for StubHub, Sicker oversees a team of SOC analysts and NOC Engineers who provide support to all StubHub sites globally in 48 countries.
WIS SIG Denver
Sara Avery - Chair
Elizabeth Van Ackeren - Vice Chair
Mary Haynes - Secretary and Sponsorship
Debbi Blyth - Community Outreach
Danielle Wilson - Membership
Jen Wilson - Communications
Emily MacCormick - Treasurer
Nancy Philips - Community Outreach
Mary Haynes Danielle Wilson
Rhonda Farrell
Domini Clark
Cassandra Dacus – Partner Volunteer
WIS SIG Leaders
WIS SIG Advisors
Andrea Hoy
Candy Alexander
Anne Rogers
Debbie Christofferson
Jean Pawluk
Sandra M. Lambert
SIG Liaisons
Central & South FL: Maureen Premo
Atlanta: Cassandra Dacus
Colorado Springs: Donna Kimberling, Colleen Murphy
Central MD & NOVA: Rhonda Farrell
National Capital: Teresa Allison
Chicago, Ill: Valerie Baldwin
Denver CO: Marlen Veum, DJ McArthur, Christy Lodwick, Deb Peinert
Minnesota: Betty Burke
Central TX: Tenille Jones
Portland: Brian Ventura
San Francisco: Joan Rose, Tamara Thompson, and Terry Quan
Singapore: Magda Chelly
Silicon Valley: Diane Gandara
Support Our SIGs!
• Financial
• Ms. Andrea Hoy
• Healthcare
• Mr. Andy Reeder
• Grant Johnson
• Security Awareness
• Ms. Jill Feagans
• Mr. Kelley Archer
• Women In Security
• Ms. Domini Clark
• Ms. Rhonda Farrell
http://www.issa.org/?page=SIGs
2017 ISSA INTL Global SIG Lineup
* Additional Mentoring Meet-Ups, SANS Hosted Connect Events, Student Security, and Local Outreach and Membership Drive Events Planned
JAN 2017: 9th – WIS SIG*
FEB 2017: 13th – WIS SIG; 15th – SEA SIG
MAR 2017: 13th – WIS SIG; 16th – Financial SIG Security Summit; 16th – HC SIG
APR 2017: 10th – WIS SIG
MAY 2016: 8th – WIS SIG; 10th – SEA SIG
JUNE 2017: 12th – WIS SIG; 15th – HC SIG; 16th – FIN SIG
JUL 2017: 10th – WIS SIG
AUG 2017: 9th – SEA SIG; 14th – WIS SIG
SEP 2017: 11th – WIS SIG; 14th – HC SIG; 15th – FIN SIG
OCT 2017: 16th – WIS SIG
NOV 2017: 8th – SEA SIG; 13th – WIS SIG
DEC 2017: 11th – WIS SIG; 14th – HC SIG; 15th – FIN SIG
ISSA INTL SIG Membership Drive
ISSA International Memberships* are 20% off for SIG Members, use Discount Codes at Checkout: 20FSIG16, 20HCSIG16, 20SEASIG16, 20WISSIG16
*NOT APPLICABLE TO STUDENT MEMBERSHIPS
WIS SIG 16 OCT 2017 - Presenter: Ms. Deborah Blyth
Deborah Blyth
https://www.issa.org/events/EventDetails.aspx?id=911314&group=107122
Leading The State Of Colorado To Cybersecurity Success
In August 2014, Deborah became the state’s new Chief Information Security Officer (CISO), bringing a diverse 25-year technology background including 14 years of information security experience. As the CISO, she serves as the point of contact for all information security initiatives in Colorado, informing the Secretary of Technology & Chief Information Officer and executive agency leadership on security risks and impacts of policy and management decisions on IT-related initiatives. Deborah is responsible for determining the strategic and tactical security direction for the State to meet established objectives.
Before joining the state of Colorado, Deborah led the Information Technology Security and Compliance programs at TeleTech (5 years) and Travelport (3 years). Deborah is a Colorado native, and graduated Summa cum Laude with a Bachelor of Science degree from Regis University.
AGENDA
Securing Colorado
➢ The Chief Information Security Officer’s Role
➢ Colorado’s Security Program
Security Leadership
➢ My background
➢ Leadership Lessons Learned
➢ Being a Woman in Security
Deborah Blyth - October 2017
Audience Poll #1
Choose the answer that best describes where you are, in your security career:
1) I’m a student
2) I’m trying to get into the security field
3) I am just starting my security career
4) I’ve made good career progress but I haven’t yet met my career goal
5) I am at the pinnacle of my career
6) I am in a security career now, but I am seeking an alternate career field
State of Colorado CISO Role
● Providing security governance and oversight for 17 Executive Branch agencies
● Serving 5.5 million residents and 28,000 state employees
● Managing a $12.6 million annual budget
● Budget requests supported by Office of State Planning and Budgeting, approved by JTC, JBC, General Assembly, Governor
● Regular presentations to the Joint Technology Committee (JTC) and Legislative Audit Committee (LAC)
● 1,200 projects in-flight
● 120 applications considered critical or essential
● >8.4 million security events daily
State of Security: Colorado today
Colorado’s cybersecurity program is:
> 4% of statewide IT spend
one of the IT Strategic Goals
Secure Colorado: Establishing the Need
Risks
• Different tools and configurations
• Varying levels of security maturity by agency
• Vulnerability remediation inconsistent or non-existent
Security Budget
• 2012 Budget for Information Security Improvements $6,000
• Didn’t accommodate projects or improvements
Secure Colorado: Strategic Program Priorities
Secure Colorado:
To reduce the state’s exposure to data breaches and cyber attacks
To justify ongoing budget for security improvements
#1 – Protect Information and Systems
#2 – Research and Development
#3 – Partnerships
#4 – Compliance
Framework: 20 Critical Security Controls for Effective Cyber Defense (Center for Internet Security)
Secure Colorado: Information Security Advisory Board
Comprised of individuals representing Public and Private Sectors
Critical to the creation and adoption of Secure Colorado
The Colorado Information Security Advisory Board meets annually to:
• Receive an update on Secure Colorado
• Provide input into the next iteration of Secure Colorado
Secure Colorado – Program Accomplishments
Audit Remediation
- Almost 600 overdue high-risk audit recommendations implemented
Security Tools in Place
- 98% coverage across all environments
Patching
- More consistent, and up-to-date than ever before!
Two-Step Verification
- To minimize phishing impact
Building Secure Applications
- 20 hours “secure coding” training provided to all developers
- Code security assessment tool deployed; more than 70 applications scanned and 5,500+ vulnerabilities fixed
Best Practice & Leading Edge Security
- Automation, consolidation, & consistency for all agencies
- Increased visibility into security events
- Advanced traffic filtering and attack blocking
- Email enhancements & encryption
- Project oversight to ensure security is built-in
Quarterly Security Awareness Training
- Keeping security top-of-mind for all employees
Secure Colorado – Program Accomplishments
Recommended Mitigation
Highest-Impact Risk Reduction Strategies
● Review encryption needs with OIT Security Team
○ Encryption minimizes impact of data breaches
● Maintain up-to-date systems
○ Refresh outdated systems
○ Retire old, unsupported systems
● Promote Security Awareness Training
○ Module #1 - 99%
○ Module #2 – 97%
○ Module #3 - 91%
○ Module #4 - 83%
Agency Risk Report Card
Deborah Blyth, Colorado Chief Information Security Officer
Agency Risk Score: 8.25
71% Compliance State Hardening Standards
0 Open IT Audit Findings
98% System Patching
98% threats remediated of 107,551 detected
Sample
Achieved 48% risk reduction in a two-year timeframe
All agencies finished FY16 and FY17 below enterprise goal!
The Award Winning Secure Colorado Strategic Plan
Secure Colorado chosen as a cybersecurity strategy model for the National Governor’s Association Policy Academy
Quick and sustainable risk reduction
National Association of State CIOs (NASCIO)
Innovation in Security
Center for Digital Government
Outstanding business value and thought leadership
CSO Magazine
Leveraging Partnerships for Incident Response
Partnerships are instrumental in testing and improving our response to cyber events.
2016 Colorado X-Games Simulation
2017 Simulated Dam Control Systems Attack
2015 Communications Cyber Exercise
Evolving the Program: Secure Colorado
Considerations:
➢ Business Strategy and IT Strategy
➢ Current Threat Landscape
➢ New and Emerging Technology
➢ Input from Trusted Advisors and CISO-Peers
➢ Gaps in funding
➢ Maturity
Technology, Risks, Threats, and our strategic goals are constantly evolving.
Our Cyber Security Strategy needs to be continually assessed and updated.
Secure Colorado – Focus in 2018
Veterans Transition Program
• Paid cybersecurity internships for veterans
• Enabling a career transition path
Proactive Risk Assessments
• Focusing on agencies' Critical and Essential Applications
• Vendor Risk Management
Identity and Access Management
• Automated provisioning, de-provisioning and auditing toolset
• Two-factor authentication
• Role-based access controls across all agencies and databases
• Privileged access management
20 Critical Security Controls
• Using existing Secure Colorado budget to continue to strategically implement security improvements, and maintain consistency across all executive branch agencies
About Me
Audience Question:
What Was Your First Computer?
My First Computer!
My Background
MVS Operations (tape operator)
MVS Systems Automation
UNIX System Administration
Firewall Administration
Security!
Leadership
Audience Poll #2:
Do you feel you’ve had more good bosses or bad bosses in your career?
▪ Good
▪ Bad
Leadership Lessons I’ve Learned
➢ Leaders don’t shrink away from opportunities to grow
➢ Leaders embrace ownership
➢ Leaders understand that relationships are CRITICAL!
➢ Leaders act like leaders long before they have the title
➢ Leaders understand that their people need them
Being a Woman in Cybersecurity
Now Is A Good Time For A Cybersecurity Career!
➢ Unemployment rate: ZERO! (Gartner)
➢ >348,000 Open security positions (CyberSeek)
➢ 1.8 Million Unfilled Positions by 2022 (Center for Cyber Safety and Education)
➢ Average CISO Salary Increase Since 2014 > 20% (Gartner/Mercer Report)
➢ The Demand will Increase by >50% Through 2018 (U.S. Bureau of Labor Statistics)
Being a Woman in Cybersecurity
Altona Middle School CyberPatriots Team
Colorado
▪ ISSA International Members
▪ ISSA INTL WIS SIG Members
▪ IEEE WIE Members
▪ Strategic Partners
THANK YOU TO OUR ATTENDEES & SUPPORTERS
• ISSA International Service Offerings
• CISO Executive Forum (Meets Quarterly)
• Domestic and International Chapter Base
• E-News
• ISSA Intl Special Interest Groups
• ISSA Industry Webinars
• ISSA Journal
• ISSA Web Conferences
• Mentoring Programs
• Conferences
CISO Executive Forum Info
2018 Schedule Out Soon
The role of information security executive continues to be defined and redefined as the integration of business and technology as it evolves. While these new positions gain more authority and responsibility, peers must form a collaborative environment to foster knowledge and influence that will shape the profession.
The Information Systems Security Association (ISSA) recognizes this need and created the exclusive CISO Executive Membership program to give executives an environment to achieve mutual success. Connecting professionals to a large network of peers, valuable information, and top industry experts, the program is a functional resource for members to advance personal and industry understanding of critical issues in information security.
The CISO Executive Forum is a peer-to-peer event. The unique strength of this event is that members can feel free to share concerns, successes, and feedback in a peer only
Information: https://www.issa.org/?page=CISOhome
CMU Heinz College Strategic Partners Scholarships Program
Heinz College Strategic Partners Scholarship Award
Beginning in Fall 2017, in conjunction with its newly established agreement with ISSA, Heinz College will include ISSA as a participant in the Heinz College Strategic Partners Scholarships program. As part of this designation, Heinz College will award scholarships to incoming students in any of the full-time programs offered by Heinz and part-time students in the college’s Master of Science in Information Technology (MSIT) program who are currently members of ISSA. The award will be made at the time of admission (no separate application is necessary) and full-time students will receive a tuition reduction scholarship of at least $6,000 per semester, while part-time students will receive a 30% tuition reduction scholarship. To be considered, applicants should indicate their status as an ISSA Scholar on the application for admission in the “Partners” section. This scholarship series will be completely funded by the Heinz College operating budget.
Maximum Number of Scholarship Awards
Each year, a maximum of ten qualified ISSA members in the Heinz College’s incoming class can be awarded the CMU Heinz College Strategic Partners Scholarship.
For additional information, reach out to [email protected]
2017 SANS & ISSA WIS SIG CONNECT EVENTS
▪ VetSuccess
▪ Women’s Academy
Cross Country Connect Event Tour 2017
2017 SANS & ISSA WIS SIG CONNECT EVENTS
Cross Country Connect Event Tour 2017
https://www.issa.org/events/event_list.asp?show=&group=107122
▪ November 15, 2017 – Atlanta, Georgia
▪ December 15, 2017 – Washington, DC
SANS is the most trusted and by far the largest source for information security training in the world.
• Certifications
• Cyber Security Graduate School
• Internet Storm Center
• Security Awareness
• Computer Forensics
• Software Security
• Penetration Testing
• Government Private Training
Join us December 15, 2017 for our SANS Hosted CONNECT EVENT
Washington Hilton
1919 Connecticut Avenue, NW
Washington, District of Columbia 20009
▪ 4:00 – 5:30 PM Cyber Challenges
▪ 5:30 – 7:00 PM Panel & Networking
2017 Scholarship Giving Program
▪ Donate Online: http://issa-foundation.org
▪ Email Us for Info: [email protected]
WIS SIG Scholarship Fund
ISSA International Journal Articles
http://www.issa.org/?page=ISSAJournal
Please contact [email protected] if you are interested in submitting a SIG column entry!
SPONSORSHIP OPPORTUNITIES
•Financial
• Ms. Andrea Hoy
•Healthcare
• Mr. Andy Reeder
•Security Awareness
• Ms. Jill Feagans, Mr. Kelley Archer
•Women In Security
• Ms. Rhonda Farrell
AMAZON SMILE CAMPAIGN
Want to make a difference in getting qualified people into the cyber workforce? You can automatically donate to the ISSA Education Foundation scholarship program when you sign up for AmazonSmile. Simply designate the 'ISSA Education And Research Foundation Inc.' as your preferred charity. The cost of items, as well as Prime free shipping, are the same as on regular Amazon, but AmazonSmile will donate 0.5% of the price of your eligible AmazonSmile purchases every time you shop. It's a painless and easy way to make a difference in supporting our future cybersecurity professionals… so make that 'smile' box count!
Registration Info for our WIS SIG Portal
• Non-members: https://www.issa.org/general/register_member_type.asp?
• Members: [email protected] or Press Join on our SIG page once you are logged in!
Monthly WIS SIG Webinar Mentoring Success Around the Globe – Part IV
LEAD WITH THE POWER OF VISION
Gretchen McClain, Principal, GW McClain Advisory Services
November 13, 2017 (1600-1700 Eastern)
https://www.issa.org/events/EventDetails.aspx?id=911316&group=107122
Join US at our NEXT Event!
Connect with us!
WIS SIG Subgroup of ISSA #ISSAWISSIG
ISSA PORTAL: http://www.issa.org/members/group.aspx?id=107122