
Security vs. Compliance – PSW #632

It was once said that if Security and Compliance were in a relationship the status would be "It's Complicated". This discussion will aim to help you understand this relationship and how it can be beneficial or a mere distraction to an organization's overall security posture.

- Define "Secure" and "Compliant".

- Does compliance merely raise awareness about security shortcomings?

- What is the relationship between Security and Compliance?

- Being Secure and being Compliant are mere points in time; how can we best develop a process to ensure we are always striving toward a secure and compliant state?

- How does Security impact and/or influence Compliance?

- How does Compliance impact and/or influence Security?

- How do you balance these extremes: "We will be Secure and ignore compliance" vs. "We will be Compliant but ignore security"?


Guests

Alex Wood
CISO at The Anschutz Corporation

Alex Wood has over 20 years of experience in Information Security and is currently the CISO for The Anschutz Corporation. Alex has managed security programs and services at major companies across verticals, including telecommunications, energy, healthcare, entertainment, travel, and financial services. Additionally, Alex has served as a Director on the International Board of the Information System Security Association (ISSA) and is Past-President of the ISSA Denver Chapter. Alex is also Co-host of the Colorado = Security Podcast. Alex received a Bachelor of Arts from Grinnell College and a Master of Applied Science in Computer Information Systems Security from the University of Denver.

Jim Hietala
VP, Security at The Open Group

Jim Hietala is Vice President, Security for The Open Group, where he manages security and risk management programs and standards activities. He has participated in the development of several industry standards including O-ISM3, O-ESA, and the Open FAIR Body of Knowledge. He led the development of the Open FAIR standards and the certification program for risk analysts, and a joint Open Group and SIRA risk management practices survey project. He also led the development of compliance and audit guidance for the Cloud Security Alliance's v2 publication.

Jon Fredrickson
Information Security & Privacy Officer at Blue Cross & Blue Shield of Rhode Island

Jon Fredrickson is the Information Security and Privacy Officer for Blue Cross and Blue Shield of Rhode Island. He graduated from the University of Rhode Island with a B.A. in Economics. Prior to joining BCBSRI, Jon was the CISO of Southcoast Health and has had various other IT Security positions in healthcare, services and manufacturing. During the past 12 years of working in the IT security field, Jon has developed a pragmatic approach to implementing cybersecurity solutions and assisting his organizations in properly measuring and managing cyber and privacy risk. Jon is a member of the Association for Executives in Healthcare Information Security, the Healthcare Sector Coordinating Council (HSCC) Cybersecurity Working Group (CWG), and is a Certified Information Security Manager.

Ron Gula
President at Gula Tech Adventures

Ron is President at Gula Tech Adventures, which focuses on cyber technology, cyber policy and recruiting more people to the cyber workforce. Since 2017, GTA has invested in dozens of cyber start-ups and funds and supported multiple cyber nonprofits and projects. From 2002 to 2016, Ron was the co-founder and CEO of Tenable Network Security. He helped grow the company to 20,000 customers, raise $300m in venture capital and grow revenues to $100m, setting up the company for an IPO in 2018. Prior to Tenable, Ron was a cyber industry pioneer: he developed one of the first commercial network intrusion detection systems, called Dragon, ran risk mitigation for the first cloud company, deployed network honeypots for the DOD in the mid 90s, and was a penetration tester for the NSA, where he got to participate in some of the nation's first cyber exercises. Ron is involved in a variety of cyber nonprofits and think tanks including Defending Digital Campaigns, the Center for Internet Security, the National Security Institute and the Wilson Center. In 2020, Ron was honored to receive the Northern Virginia Technology Council Cyber Investor of the Year award and the Baltimore Business Journal Power 10 CEO award.

Wendy Nather
Head of Advisory CISOs at Duo Security at Cisco

Wendy Nather leads the Advisory CISO team at Cisco. She was previously the Research Director at the Retail ISAC, and Research Director of the Information Security Practice at 451 Research. Wendy led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation (now UBS), and served as CISO of the Texas Education Agency. She was inducted into the Infosecurity Europe Hall of Fame in 2021. Wendy serves on the advisory board for Sightline Security, and is a Senior Cybersecurity Fellow at the Robert Strauss Center for International Security and Law at the University of Texas at Austin.

Hosts

April Wright
Preventative Security Specialist at Architect Security

Jeff Man
Information Security Evangelist at Online Business Systems

Josh Marpet
Executive Director at RM-ISAO

Larry Pesce
Principal Managing Consultant and Director of Research & Development at InGuardians

Matt Alderman
Executive Director at CyberRisk Alliance

Paul Asadoorian
Founder at Security Weekly

Scott Lyons
CEO at Red Lion