From Compliance to Resiliency: The Evolution of InfoSec, Part 1 – Tim Callahan – SCW #84

Because only maintaining compliance is not enough to protect your business from the ever-evolving threat landscape, in this session, we will consider the intersection and codependence of compliance with security, maturity, defensibility and resiliency. An effective and maturing program must also align to a Control Framework so that you can measure its effectiveness and ensure appropriate decisions are made that enable business requirements and protect the security, integrity, and availability of information and technology. All of this must happen through the lens of defensibility which is an essential consideration when making risk decisions. And finally, we will look at what makes a business cyber-resilient. The cyber-strong resilient company has the ability to quickly adapt to disruptions while maintaining continuous business operations, and safeguarding people, assets, and overall brand equity. To find out more and register with your Security Weekly discount code, visit: Visit for all the latest episodes! Full Episode Show Notes

From Compliance to Resiliency: The Evolution of InfoSec, Part 1


Tim Callahan

Tim Callahan - SVP, Global CISO at Aflac


Tim Callahan joined Aflac in 2014, bringing more than 30 years of experience in information and physical security, business resiliency and risk management. He was promoted to his current role in January 2016, where he is responsible for directing Aflac’s global security strategy and leading the information security, business continuity and disaster recovery functions across the company to prioritize security initiatives and allocate resources based on appropriate risk assessments. Prior to joining Aflac, he served as senior vice president of business continuity and information assurance for SunTrust Banks, Inc. He also held leadership positions at People’s United Bank. Tim served in the U.S. Air Force for 23 years and earned an associate’s degree from the Community College of the Air Force and a bachelor’s degree from the University of the State of New York, Albany.


Jeff Man

Jeff Man - #HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems


Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist and certified security curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.
Kat Valentine

Kat Valentine - Compliance Free Agent (Consultant) at Osmosis Security


Getting her start with phones and computers at the early age of 6, Kat decided to put fear of success and failure aside to start Osmosis Security, a boutique security firm that supported her vision of what the professional hacker community should be focused on. Kat had humble beginnings and started her career working technical support for a local dial-up ISP in 1998. Since then, Kat worked in many different roles, from network voice engineer, vulnerability researcher to auditor, and is responsible for the secure and compliant design of several well-known cloud providers, payment providers, security platforms and end user applications, including the first compliance automation platform.
Scott Lyons

Scott Lyons - CEO at Red Lion


CEO at Red Lion


  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s in-person event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on world pass and main conference registration! Visit to register now!
  • Security Weekly Unlocked will be held IN PERSON this December 5-7 at the Hilton Lake Buena Vista! We are excited to announce our first round of speakers: Lesley Carhart, David Kennedy, Alyssa Miller, O’Shea Bowens, Marina Ciavatta, Patrick Coble, Chris Eng, Eric Escobar, Nick Leghorn, Michael Schladt, Kevin Johnson, and Justin Kohler! Visit to register and check out our rockstar lineup!
prestitial ad