Maintaining compliance alone is not enough to protect your business from the ever-evolving threat landscape, so in this session we consider the intersection and codependence of compliance with security, maturity, defensibility and resiliency. An effective and maturing program must also align to a control framework so that you can measure its effectiveness and ensure that appropriate decisions are made, decisions that enable business requirements and protect the security, integrity, and availability of information and technology. All of this must happen through the lens of defensibility, which is an essential consideration when making risk decisions. Finally, we look at what makes a business cyber-resilient: the cyber-strong, resilient company can adapt quickly to disruptions while maintaining continuous business operations and safeguarding people, assets, and overall brand equity.

From Compliance to Resiliency: The Evolution of InfoSec, Part 2


Tim Callahan - SVP, Global CISO at Aflac


Tim Callahan joined Aflac in 2014, bringing more than 30 years of experience in information and physical security, business resiliency and risk management. He was promoted to his current role in January 2016, where he is responsible for directing Aflac’s global security strategy and leading the information security, business continuity and disaster recovery functions across the company to prioritize security initiatives and allocate resources based on appropriate risk assessments. Prior to joining Aflac, he served as senior vice president of business continuity and information assurance for SunTrust Banks, Inc. He also held leadership positions at People’s United Bank. Tim served in the U.S. Air Force for 23 years and earned an associate’s degree from the Community College of the Air Force and a bachelor’s degree from the University of the State of New York, Albany.


Jeff Man - #HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems


Cryptanalyst, infosec analyst, pioneering ex-NSA pen tester, PCI specialist and certified security curmudgeon. Currently a Sr. InfoSec Consultant for Online Business Systems.

Kat Valentine - Compliance Free Agent (Consultant) at Osmosis Security


Getting her start with phones and computers at the early age of 6, Kat decided to put fear of success and failure aside to start Osmosis Security, a boutique security firm that supported her vision of what the professional hacker community should be focused on. Kat had humble beginnings and started her career working technical support for a local dial-up ISP in 1998. Since then, Kat worked in many different roles, from network voice engineer, vulnerability researcher to auditor, and is responsible for the secure and compliant design of several well-known cloud providers, payment providers, security platforms and end user applications, including the first compliance automation platform.

Scott Lyons - CEO at Red Lion



