Topic 1: Making cybersecurity reliable and cybersecurity careers rewarding
Putting people in the center of cybersecurity. People face dangers. Cyber pros are suffering from stress, burnout & “hamster wheel” syndrome. There’s a better way. Cyber pros can achieve better work-life balance, more rewarding careers & missions – by making cyber as reliable as electricity.

How? Like other business functions do – with curiosity, critical thinking, systems thinking & industrial-strength design thinking. The same way innovation creates products that daily delight us. The way music brings us joy. The way military battles are won. It takes learning to think counter-intuitively & change.

Innovators have education, method & coaching at the individual, team & organizational levels. Compared to other business functions, cyber pros are set up to fail. Their support system is missing! The good news is, it’s readily fixable! That starts with putting people in the center of cyber – empowering cyber pros, accelerating authentic Zero Trust & making cyber as reliable as electricity. Join us to map out your action plan.
Brian Barnier is the co-founder of Think.Design.Cyber and the think-tank CyberTheory Institute, which bridges the gap between boards, business leaders, cybersecurity leaders and compliance. Brian has earned coveted achievement awards from two of ISACA’s most significant chapters. In 2021, he earned the highly distinguished Joseph J. Wasserman Award presented by the ISACA New York Metro Chapter. In 2015, he received the V. Lee Conyers Award from ISACA Greater Washington DC.

He has pioneered critical, systems and industrial design thinking in the cybersecurity discipline and the use of life-like scenario analysis to address critical issues of evolving threats/attacks and to eliminate bad methods that cause breaches, waste money and resources and burn out cyber pros, affecting culture and retention. He is the author of The Operational Risk Handbook (Harriman House, Great Britain, 2011), used as a textbook by the London Institute of Banking & Finance. In 2020, Brian’s paper with expert Prachee Kale, “Cybersecurity: The Endgame -- Part 1”, was honored as the 2020 Article of the Year in the Taylor and Francis EDPACS journal. Deep in professional guidance, he is a co-author of ISACA’s Risk IT and COBIT, and of the Shared Assessments Program. ISACA's IT Audit Framework 2020 points to his work in risk assessment.
He is one of the first three “Fellows” of OCEG -- the Open Compliance & Ethics Group -- the organization that created “Governance, Risk and Compliance.”

Prachee Kale

Prachee is the co-founder of Think.Design.Cyber, a Founding Executive Fellow of CyberTheory Institute and a multi-disciplinary professional with a 17-year “4D” career spanning Cybersecurity & Tech, Business Strategy, Diversity & Inclusion and Executive Coaching. Prachee’s current work is focused on 1) coaching introverted cyber professionals (who account for 60%+ of the cyber workforce) to build their brand and become strong leaders without changing their personalities and 2) bringing critical, systems and design thinking to cybersecurity organizations so they can accelerate Zero Trust implementation, drive demonstrable business outcomes and cost savings, improve culture and reduce burnout.

Her article “Cybersecurity: The End Game Part 1” in the Taylor and Francis EDPACS journal was honored as “2020 Article of the Year.” In cybersecurity, she has managed strategic investments of over $150 million, reduced spend by 20+%, eliminated antagonistic culture and demonstrated a 90% retention rate for more than 3 years. Prachee’s business strategy experience comes from working on business and tech transformations, enterprise risk and regulatory mandates, in management consulting and at the World Bank. As a leader in the DEI department, she is accelerating diversity and ESG initiatives. Prachee is the Executive Sponsor for the Women Leaders program focused on increasing representation of women of all backgrounds.

She earned an M.S. in Bioinformatics from George Washington University, which is about building tech for biological research. She wrote code, conducted scientific experiments on HIV viruses, and did PCR tests (yep, those). Think invasive viruses, the pandemic and cybersecurity!
Topic 2: Modernizing the Security Goals: “CIA” is half the story (more or less) (ISACA CACS22)
Traditionally, security expressed three goals – Confidentiality + Integrity + Availability: CIA. However, IT has changed, and so must security. Security must address ALL the goals for a system, and there ARE more than three. This presentation will refer to this with the revised acronym “CIA+FBI”. The need for this update can be shown with new regulations such as GDPR and updates to FISMA. Attendees will also be guided on how to tailor the list of goals to their system. This tailoring can be driven by the data processed or the technology, as well as by the controlling regulations. For example, a cloud deployment would nearly never address availability itself, so the practitioner would choose to replace it with one or more other goals.
- understand that there are more than three (3) security goals
- adapt security goals to their system and organization
- understand when to apply which security goals
Brett has over twenty years of experience supporting a variety of Federal and DoD organizations. Brett has provided consultation and guidance for enhancing security and privacy protections across a variety of Federal and DoD organizations as well as contractors. This includes assuring compliance with FISMA/SP 800-53 and HIPAA, as well as SP 800-171. Brett has over twenty years of experience soliciting and creating the information necessary to create and manage all security documents. Brett has created, written, updated and corrected, as well as assessed/evaluated, plans. This includes (but is not limited to) SSPs; disaster, contingency, recovery and incident plans and their associated policies and procedures; and security mission statements. Brett has authored and executed technical testing as well as related interviews of staff at all levels and reviews of all related documentation.

Brett has over twenty years of experience with NIST standards and frameworks (e.g. SP 800-53, FISMA, SP 800-171) as well as PCI DSS, ISO, CIS and SOC. This includes both ISSO and Assessor roles. Brett has received the Registered Practitioner (RP) credential from the CMMC Accreditation Body; several more are pending. Brett regularly attends CMMC AB events and stays up-to-date with current events. Brett is a recognized national expert and leader in NIST RMF, FISMA, DFARS, SP 800-171 (several prior SP 800-171 projects), DoD CMMC (credentialed), and the HIPAA Security Rule. Brett has published papers on topics in this sector and given presentations in a variety of settings, including international conferences, security group meetings and online streams.