Where's Ben? (May 2012 Edition)

Spring has sprung, and the next concentrated round of travel is nearly upon me. On the off-chance that we've never met, and you'd like a chance, then here are your best bets in the coming weeks. Also, if anybody would be interested in chatting about GRC (and, specifically the LockPath solution), then please drop me a note and I'll work to set something up!

SIRAcon - May 7 - St. Paul, MN (River Center)

First up in May is the inaugural edition of the Society of Information Risk Analysts conference (something we hope to host annually). This is a 1-day event hosted at the same venue as Secure360, and it's very affordable ($119, $99 for SIRA members - membership is free!). Check out the event site (linked above) for full details. I'll be moderating the "Risk Management Practitioners Panel," which will feature some great panelists talking about their real-world experiences with risk management and risk analysis, including a promising discussion on how to find qualified candidates and how to improve education for upcoming graduates to help improve risk management teams.

This will be a relatively small event, which means there will be lots of opportunities for interaction, discussion, chit-chat, and in-depth discussion of all things "risk." If you have any interest in the topic, then I highly encourage attending!

Secure360 - May 8 & 9 - St. Paul, MN (River Center)

Next up will be me 2nd time at the Secure360 conference in Minnesota. I was very impressed by the event last year (2011), and eagerly submitted a couple talk proposals. I'm slated to deliver my talk "Back to Basics: Pragmatic Risk Management For the 99%" on Day 2 (Wednesday) at 11:15am (abstract below). There will be several other awesome talks that I highly recommend. If you're anywhere near the Twin Cities, then I hope you'll be able to make it out for what promises to be another excellent event!

Abstract:
"If you've spent any time investigating how to build or mature a risk management program, then you've likely had at least one moment where your eyes have crossed and you've thought "who would ever do this?" Much of the current literature comes to us from the financial services sector, but very little of it seems to translate well to other industries; especially not to the more than 99% of U.S. employer firms who qualify as small businesses. This situation begs the question: Just what can and should organizations be doing? This presentation will demonstrate how to make pragmatic use of risk analysis in any business and discuss how to scale risk management practices while still having a positive impact."

Rocky Mountain Information Security Conference (RMISC) - May 18 - Denver, CO (Sheraton)

The next week I'll be making my secondary appearance at RMISC in Denver. As was the case with Secure360, I was also very impressed by the quality of RMISC. They brought in many excellent speakers and did a good job creating networking opportunities for attendees to encounter sponsors. I expect this year will continue to build on the previous success.

For my part, I'll be delivering my talk "Cloud Control: Assurance in a Massively Scalable World" at 1:15pm (abstract below). This is a talk that I first developed last Summer, but that has only started to come into its own this year. I'm very much looking forward to giving it in this venue!

Abstract:
"Ubiquitous access to data and applications is here. No longer are our resources confined to enterprise networks and data centers of our own making. Rather, applications and platforms are now available on-demand, anywhere, anytime, to virtually anybody. Moreover, these environments can scale on demand, automating what has traditionally required expertise in system design and capacity planning. Assuring security in this environment poses new and evolving challenges. While they may resemble the same obstacles we've been managing for decades, they are increasingly more difficult to address. Now, more than ever, companies need to extend their governance, risk, and compliance initiatives to take cloud-related strategies and initiatives into account to proactively protect their data and their bottom line."

NESCO Town Hall: Security Risk Management Practices for Electric Utilities - May 30 & 31 - New Orleans, LA (Marriott)

My last stop in May will be in New Orleans, LA, for a NESCO Town Hall event. This will be a fairly quick event, split over 2 days, crammed full of great speakers and panels. For my part, I'll be participating on a panel titled "What Risks Are We Trying to Manage?" that will explore the role of risk management in the electricity sector and how we can (hopefully) get the "cybersecurity" side caught up with the rest of the average organization. Overall, this should be an interesting experience. I'm very much looking forward to the conversation and the types of questions people will raise.

See you out and about!

About this Entry

This page contains a single entry by Ben Tomhave published on April 25, 2012 2:22 PM.

InfoSec vs. Fast Food Nation was the previous entry in this blog.

Is the US Government Making Security Worse? is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Monthly Archives

Pages

  • about
Powered by Movable Type 6.3.7