Oct
18
11:30 AM11:30

Creating a Security Focused Corporate Culture

head-shot.jpg

Come hear (ISC)2’s very own David McHenry speak about creating a Security Focused Corporate Culture. David has spent the last 20 years managing networks as well as administration and support personnel for such companies as Radiology Alliance, NFIB, and Shop at Home. David is currently in charge of Information Security at Healthcare Bluebook and, over the past four and a half years, has taken their security program from very humble beginnings to a fully functioning and mature posture. His infrastructure and support management background coupled with a degree in psychology, has provided David with a unique perspective on creating a security focused corporate culture.

View Event →
Aug
16
11:30 AM11:30

Why Social Engineering Succeeds

SwordSheild.gif
flexential-logo-press-release.jpg
 

Sponsor Overview

Securing business for more than 20 years, Sword & Shield Enterprise Security, Inc. partners with our customers to meet the needs of their dynamic cybersecurity and compliance landscape.

We work closely with companies to become tightly integrated with their enterprise operations in the areas of managed security, risk and compliance, enterprise security consulting, security incident response, forensics and security training.

Recognized nationally and headquartered in Knoxville, Tennessee, Sword & Shield has offices throughout the US. Sword & Shield services a broad spectrum of industries, including healthcare, retail, media, banking and finance, legal and manufacturing.

At Flexential, we believe infrastructure is more than technical—it’s personal. That’s why the best infrastructure solutions aren’t about infrastructure— they’re about people. This is an approach not often seen in the world of IT transformation. We build trusted relationships and tailored solutions that show that technology has a personal side. Flexential’s DNA has deep roots in the southeast and the west. For nearly 20 years, both Peak 10 and ViaWest helped data-intensive organizations transform IT from a cost center to an asset that helps achieve innovation and improve speed to market while also lowering risk. We joined forces in August of 2017, and rebranded as Flexential in January of 2018. Our comprehensive suite of hybrid IT solutions, coupled with the depth of our team’s experience and expertise in developing tailored solutions to meet the specific needs of our customers, are what set Flexential apart. Wherever you are in your IT transformation journey, Flexential is your partner to optimize and evolve your workloads’ performance, reliability and security.

Speaker Bio

Teddy Ansink is an Enterprise Security Consultant with over 7 years in the IT industry.  Teddy has designed, coordinated, and presented proposals to multiple RFP’s including projects in the high performance computing space, business analytics software, and networking. He has performed as the lead contact on many IT projects and has provided assistance with the design, integration, implementation and troubleshooting during these projects. Teddy provides project leadership and management expertise while focusing on IT security throughout diversified environments.

TeddyAnsink1.jpg
View Event →
Jun
28
11:30 AM11:30

The Role of Artificial Intelligence in Security Operations

vectra-logo.jpg
flexential-logo-press-release.jpg
 

Sponsor Overview

Vectra is the world leader in applying AI to detect and respond to cyberattacks in real time. Powered by AI, Vectra and its flagship Cognito threat detection and response platform enable the world's most consequential enterprise organizations to quickly and decisively stop hidden cyberattacks – from cloud and data center workloads to user and IoT devices. Comprehensive, enterprise-wide threat-detection coverage is mandatory in today’s hostile data environments and the stakes have never been higher. No other company comes close to Vectra in proactively hunting-down cyberattackers and reducing business risk.

Our core team consists of threat researchers, white hats, data scientists, network security engineers, and UI designers. We're passionate and committed to making a difference in a world where cybersecurity is a paramount concern, and we constantly push the boundaries of what's possible to drive the next-generation of security.

At Flexential, we believe infrastructure is more than technical—it’s personal. That’s why the best infrastructure solutions aren’t about infrastructure— they’re about people. This is an approach not often seen in the world of IT transformation. We build trusted relationships and tailored solutions that show that technology has a personal side. Flexential’s DNA has deep roots in the southeast and the west. For nearly 20 years, both Peak 10 and ViaWest helped data-intensive organizations transform IT from a cost center to an asset that helps achieve innovation and improve speed to market while also lowering risk. We joined forces in August of 2017, and rebranded as Flexential in January of 2018. Our comprehensive suite of hybrid IT solutions, coupled with the depth of our team’s experience and expertise in developing tailored solutions to meet the specific needs of our customers, are what set Flexential apart. Wherever you are in your IT transformation journey, Flexential is your partner to optimize and evolve your workloads’ performance, reliability and security.

Speaker Bio

Lee Isenman, Senior Security Sales Engineer, has been in the networking and security space for 23 years, with 15 years in telecom and 8 years in the security analytics space.

lee-isenman.jpg
View Event →
May
22
11:30 AM11:30

Hands On with Fortinet's Secure Fabric

fortinet-logo.jpg
flexential-logo-press-release.jpg
 

Sponsor Overview

Fortinet Inc. is a company dedicated to protecting the Network Security with Broad Visibility, Integrated Detection, and Automated Response through the Security Fabric.  Fortinet is an American multinational corporation headquartered in Sunnyvale, California. It develops and markets cybersecurity software, appliances and services, such as firewalls, anti-virus, intrusion prevention and endpoint security, among others. It is the fourth-largest network security company by revenue.

At Flexential, we believe infrastructure is more than technical—it’s personal. That’s why the best infrastructure solutions aren’t about infrastructure— they’re about people. This is an approach not often seen in the world of IT transformation. We build trusted relationships and tailored solutions that show that technology has a personal side. Flexential’s DNA has deep roots in the southeast and the west. For nearly 20 years, both Peak 10 and ViaWest helped data-intensive organizations transform IT from a cost center to an asset that helps achieve innovation and improve speed to market while also lowering risk. We joined forces in August of 2017, and rebranded as Flexential in January of 2018. Our comprehensive suite of hybrid IT solutions, coupled with the depth of our team’s experience and expertise in developing tailored solutions to meet the specific needs of our customers, are what set Flexential apart. Wherever you are in your IT transformation journey, Flexential is your partner to optimize and evolve your workloads’ performance, reliability and security.

Session Abstract

In this session, Fortinet Engineers will demonstrate the secure fabric and give viewers a rich, hands on experience in how the secure fabric operates and functions in a network environment.  This demonstration will simulate WAN and LAN security and network functions while showing the users how security is applied at every level and true visibility is achieved from one end to the next.  As users realize the true potential of what a security fabric operates, they will have the opportunity to interact with the technology and use their own devices to bring the infrastructure alive with real-time data.

Session Agenda

  • Lunch
  • Flexential Facility and Data Center Tour (optional but requires a valid driver's license ID and photo check-in process)
  • Fortinet Secure Fabric Demonstration Overview
  • Multilevel Security Model Setup and Configuration
  • Internal Segmentation Modulation of Firewalls (sample Engineering and Finance department)
  • Switch and AP Technology Integration and Configuration
  • Cloud Simulated Analytics, Reporting, and Monitoring
  • Client Integration and Controls
  • Cloud Simulated SandBox Technology for Protection from Zero-Day Malware

Speaker Bio

ryan-edwards.jpg

Ryan Edwards is a Senior Systems Engineer who works with Fortinet, Inc.  Ryan’s current mission is to use his extensive experience in the IT Industry to help companies reach their cyber security and threat response goals.  Ryan believes that building strong relationships and maintaining a high degree of integrity along with a strong knowledge of the current threat landscape helps him be successful in accomplishing that mission. Ryan has worked with some of the largest and most profitable companies across several different verticals.  This has enabled him to become a resident expert at seeking out areas of weakness and opportunities for improvement within these variable environments. Ryan holds a many industry certifications and holds the degree of Master of Science in Management with a focus on Information Technology. 

View Event →
Apr
17
11:30 AM11:30

5 Reasons Companies Stink at Security Risk Management

lbmc-logo.png
 

This presentation will look back at some notable failures to recognize and react to risk and explore common themes that keep security organizations from getting the most out of their assessment, analysis, and mitigation activities.

Speaker Bio

mark-fulford.jpg

With nearly 25 years of experience in information security audit and compliance, Mark Fulford, LBMC Shareholder, Information Security & Risk Services, understands how to translate technical jargon into actionable intelligence. With significant experience in healthcare, his project experience includes assisting companies with Sarbanes-Oxley, HIPAA & PCI, and HITRUST compliance, as well as providing assurance to LBMC's clients and their stakeholders through SOC 1 and 2 reporting engagements. More recently, Mark's focus has been on helping organizations identify, quantify, communicate, and manage information security risks through both guided and automated risk assessment techniques.

View Event →
Mar
13
11:30 AM11:30

The Magical Endpoint

digital-guardian-logo.jpg
 

Security practitioners already know the most prized real estate in the battle to protect sensitive data today is the endpoint. It’s why Forrester reports the average organization has upwards of ten security agents running on endpoints and up to six consoles to manage them. With already strained security and IT resources that is simply untenable and security buyers are demanding consolidation of features onto fewer agents. Fortunately, the market is responding and you’ll hear all about that in this session.

Speaker Bio

james-pic.JPG

James McCarthy, Vice President Sales, North America for Digital Guardian has 23 years of Information Technology experience, from the early days of securing the Internet, both wired and cellular, to the fast pace of change associated with Information Security threats and protective measures. James has worked with organizations from MCI to Internet Security Services, IBM, British Telecom, and Digital Guardian. James believes that among all of the talk of prevention, detection, response, artificial intelligence, machine learning, and big data analytics, there is a single and fundamental strategy to protecting corporate assets. That strategy starts with the full understanding of ‘data’ and how the organizations interacts with it.

View Event →
Feb
9
11:30 AM11:30

Fortinet's Secure Fabric Revealed

fortinet-logo.jpg
 

Come see how Fortinet's Secure Fabric Architecture delivers an intelligent and collaborative approach to solve today's security challenges. This session will focus on a demonstration of how the technology improves real-time threat visibility across the entire attack surface and will be presented by Ryan Edwards, Sr. Systems Engineer - Enterprise.

NOTE: There will also be opportunity to interact with the presentation so bring your laptop if interested.

Speaker Bio

ryan-edwards.jpg

Ryan is a diversely skilled IT professional with over 23 years of experience in the IT industry with 8 years of direct management experience and a Master of Science in Management of Information Technology degree. He is proficient at improving business efficiencies through strategic application of knowledge and experience. Ryan brings extensive infrastructure, vendor, and project management experience to bear as well as senior administration roles in networking, security, and virtualization technologies. He is an experienced leader capable of coaching and mentoring staff, guiding solution decision, generating budgetary alignment, and facilitating cross-team collaboration.

Ryan has been responsible for the development of Information Security solutions aimed at meeting regulatory compliance and business continuity requirements, recommended and developed IT security auditing processes, assessments, and improvements, alignment of organizational requirements with HIPAA, HITECH, NIST, and PCI compliance requirements, and developed vulnerability and risk assessment plans for review and planning purposes.

View Event →
Blockchain Part 2: ISACA, (ISC)2 Joint Event
Dec
6
11:30 AM11:30

Blockchain Part 2: ISACA, (ISC)2 Joint Event

blockchain.jpg

Please join us at the second 2017 joint meeting of ISACA and (ISC)2 as A.J. Bahou, Managing Member of Bahou Miller PLLC, leads a continued discussion around blockchain technology, which will be adopted in many industries and impact the practice of cyber security. Come learn more during part 2 of the fundamentals of blockchain, its potential applications in cyber security, and potential hacks.

bahouajheadshot200x200.jpg

A.J. Bahou is a trial attorney, mediator, and registered patent attorney who practices in the area of Blockchain, data privacy, cyber security, healthcare, and intellectual property law, including litigation management of patents, copyrights, trademarks, and trade secrets. He has extensive experience in all aspects of patent infringement litigation, from pre-complaint investigation through trial and appeal. Mr. Bahou has worked on cases involving varying technologies such as smart meter technology, LED displays, medical devices, computer hardware, software, Blockchain, virtual reality, and Internet security systems. He has represented clients in electronic discovery disputes, motion practice, claim construction ("Markman") hearings, PTAB trials, federal court trials and several appeals before the United States Court of Appeals for the Federal Circuit.

Mr. Bahou is Managing Member of Bahou Miller PLLC, Board Member of LaunchTN and Middle Tennessee ISSA, Chair of the Tennessee Bar Intellectual Property Law Executive Council, and past President of the Tennessee Intellectual Property Law Association.  He earned a B.S. in Engineering from Tennessee Tech, an M.S. with honors in Electrical and Computer Engineering (focusing in Networking and Data Security) from the Johns Hopkins University, a J.D. and LL.M. in Intellectual Property Law from the University of New Hampshire.

Click below to register and be sure to select at ticket for (ISC)2 Members. One hour of CPE credit will be issued to all attendees. (ISC)2 chapter members may bring one guest. If you are interested in bringing a guest, please select two tickets when making your reservation.

View Event →
Aug
25
11:00 AM11:00

ISACA/(ISC)2 Joint Event: ISACA CSX Program & Certificate Track

Please join us for a joint event with the ISACA Middle Tennessee Chapter at Nashville Technology Council's Tech Hill Commons in Nashville.  The topic of our meeting will be on ISACA's Cybersecurity Nexus (CSX) program and certification track.

Don Baham (Mid TN ISACA Board Member and President at Kraft Technology Group) will be leading the discussion.  In this session, Don will cover the CSX Certification path including the Cybersecurity Fundamentals Certificate, the CSX Practitioner Certification, and the steps beyond.  This will include a Q&A with a chapter member who passed the CSX Practitioner cert last year.

Please click below to register and be sure to select the ISC2 ticket type.

View Event →
Jul
13
11:30 AM11:30

Reporting to the Board

Join the Middle Tennessee Chapter of (ISC)2 for a panel discussion about reporting Security/Risk and overall strategy to the Board of Directors from a group that does it on a regular basis.  This discussion will be moderated by our own Nathan Wright.

Meet the Panelists

Greg Schaffer

With over 25 years of experience, Greg is a seasoned information technology and security executive proficient in information security planning and project management, information security risk assessment and mitigation, technical writing, policy and standards creation and implementation, and disaster recovery and business continuity. Currently, Greg is responsible for all aspects of information security risk management for FirstBank, the third largest Tennessee-headquartered bank. Greg’s previous information security executive roles include serving as Chief Information Security Officer for the Metropolitan Government of Nashville and Davidson County and as AVP Network and IT Security at Middle Tennessee State University.

Greg is active in the security and risk management communities and currently serves on the Board of Directors for the Middle Tennessee Risk Management Association. Previous security community leadership roles include FS-ISAC Community Council co-chair, Middle Tennessee ISSA chapter board member, and chair of the Tennessee CISO Roundtable. He holds a Master's degree in Information Systems Project Management from Middle Tennessee State University, a Bachelor of Science degree in Mechanical Engineering from the University at Buffalo, and the CISSP certification.

Clayton Weber

Clayton has more than 20 years of experience in Banking, Conversions/Acquisitions, Information Security, Risk and Technology. Clayton began his career in working as a bank proof specialist for First Commerce Technologies out of Lincoln, NE, which was later purchased by Computer Services Inc (CSI) out of Paducah, KY. In the years to follow Clayton gained a deep knowledge of all aspects of banking while holding numerous roles within those companies which included Customer Service Representative, Conversions and Implementations Specialist, Information Systems Manager and Account Manager. Since moving to Tennessee 6 years ago, Clayton has also held banking positions overseeing Information Security and Risk Management for local banks and currently serves as the Chief Information Officer at CapStar Bank in Nashville, TN. In his current role Clayton is responsible for strategic technology planning, business continuity, IT risk management, overall IT governance, information security, all IT infrastructure and applications, as well as management and administration of CapStar’s information Technology providers.

Gina.png

Gina Pruitt

Gina is the Member-in-Charge of Risk Assurance & Advisory Services with KraftCPAs. Her responsibilities include IT audit and consulting, risk management, internal audit, Sarbanes-Oxley audits, service organization control (SOC) reports, Payment Card Industry Data Security Standards (PCI DSS) compliance, network security assessments, and network vulnerability assessments.

Gina also oversees regulatory testing related to IT controls for more than 30 banks, which includes Sarbanes-Oxley testing, and attestation services for approximately 20 service organization control (SOC) engagements. She is also a National SOC Peer Reviewer for the American Institute of Certified Public Accountants (AICPA).

Gina has more than 30 years of experience. She spent 10 years in Big 4 public accounting as the partner in charge of the Nashville practice of enterprise risk services (ERS) with Deloitte & Touche. In addition, she was the Southeast Regional Director for Internal Audit Services. In this role, Gina was the Director of Internal Audit for a $1 billion retail organization. She was responsible for performing the annual internal audit risk assessment, developing the annual internal audit plan, hiring and managing more than 40 staff members, and developing and presenting audit reports to the Audit Committee and Board of Directors. Annual audits consisted of financial, operational, IT, and fully-integrated audits.

Gina also managed various procedures for all internal audit clients in the Southeast Region of Deloitte & Touche. Clients included the world's largest tire and rubber manufacturer with more than 50 plants and $2.5 billion in annual revenue as well as a nationwide restaurant and retail chain with more than 600 locations and $2.6 billion in annual revenue.

While at Deloitte, Gina was also the National Healthcare Industry Partner for ERS where she led the development of a National Healthcare Compliance consulting practice, a National NCQA Certified HEDIS consulting practice, and a National HIPAA Assessment and Implementation consulting practice.

View Event →
Jun
15
11:30 AM11:30

Enterprise Security Architecture: Aligning Security Goals with Business Goals

Enterprise security architecture is a process to integrate security as a part of business and technology initiatives handled by any organization.  When an organizational business goals and objectives are aligned with security goals and objectives, the organization can make informed decisions about business ventures and protecting organizational assets from ever-emerging security threats and risks.

In this presentation, we’ll discuss introducing ESA to organization leadership using a multi-phased approach to:

  1. Establish the current maturity level of the security program by collecting key performance indicators from the management, operations, and technical areas of the business and presenting the KPIs to leadership and business owners in terms of risk and actionable items to reduce risk.
  2. Develop a desired state of security establishing corporate risk appetite and identifying desired KPI maturity levels.
  3. Prepare a gap analysis, determine Opx, CapX, and internal labor cost for single of multi-year projects identified in the gap analysis, and develop a risk roadmap / heatmap of projects necessary to achieve maturity in the security program.

 

Speaker Bio

Frank Platt is a management consultant and security architect with 30+ years of experience as a client focused independent consultant. His consulting career began in the telecom industry when he co-founded Hospital Communications Consultants focusing on the procurement and implementation of large scale telecom systems for hospitals. He brought his consulting and project management skills to help form Cottonwood, an IT and telecom consulting firm. In 2000, he began focusing on Information Security developing security programs for clients needing to improve the security posture of their organization and in 2007 earned the designation of CISSP®(107408).

Today he evaluates and develops security programs for clients in Health Care, Finance, Legal, Manufacturing, Government, and Educational by employing recognized frameworks from NIST, ISO and SANS to meet regulatory and compliance requirements including HIPAA, FISMA/FIBS, PCI, etc.

View Event →
May
16
11:30 AM11:30

The Revolution in Information Security: What You Need to Know Now

The field of information security is changing extremely rapidly.  Think cloud, devops, automation, BYOX, etc.  Some jobs are going to go away, some new jobs will be created.  The question is:  how do you stay relevant?  The first half of this meeting will be a presentation of the speaker’s recent experiences and insights riding this transformation wave.  The second half will be group discussion of questions related to staying relevant, new career opportunities, and so forth.  Bring your brainstorming hat and share your ideas with chapter members!

Speaker Bio

Dr. Frederick Scholl has had multiple careers in engineering research, entrepreneurship, legal, academia, and enterprise business.  Since 2005, he managed security for Nissan Americas, taught information security at Vanderbilt and Lipscomb, and served as expert witness on risk management.  Currently he is an Executive Consultant for Carson, Inc.  providing security services for state and federal agencies and private industry.
 

Sponsored By

Since its inception in 1998, SAINT Corporation has been developing innovative software solutions for information security. Originally known as SATAN, the application evolved into what is now known as SAINT Security Suite. High-level government agencies, universities and financial institutions continue to rely on SAINT products and services to manage information security risk and compliance.

We believe that properly protected technology and sound security practices allow our clients to safely conduct business, communicate within communities, execute financial transactions and confidently share information.

Our vision is to deliver innovative solutions that meet our customers’ needs, at a price point that is competitive in the market, and act in partnership with our customers to meet the ever-changing threats to critical information and IT assets.

View Event →
Apr
25
4:30 PM16:30

Panel Discussion - Security Analytics and Threat Response

  • Ezell Center at Lipscomb University (map)
  • Google Calendar ICS

Please join us at Lipscomb University's Ezell Center for a Security Panel Discussion on the topic of Security Analytics and Threat Response.  This event is hosted in conjunction with Women in Technology of Tennessee.

Moderator

Sarah Kennedy
Security Vulnerability Engineer at HCA
Director of Membership at ISC2 Middle TN

Sarah Kennedy currently works at HCA, Inc. as a Security Vulnerability Engineer. She received her Master’s in Information Security from Lipscomb University and she received her undergraduate degree in Telecommunications Systems Management from Murray State University. In her free time she enjoys SCUBA diving, singing, reading fantasy and SciFi books, playing video games, and traveling.

Panel Participants

Ambareen Siraj, Ph.D. is the director of the NSA/DHS accredited Cybersecurity Education, Research, and Outreach Center at Tennessee Tech University (TTU) and associate professor with the department of computer science at TTU. She is also founder and chair of the Women in Cybersecurity (WiCyS) Initiative. Her research is in the areas of situation assessment in network security, secure communication in smart grid, and security education. She holds a PhD in computer science with a concentration in information assurance from Mississippi State University. She is the program director of NSA/NSF Gen Cyber Camps at TTU. She leads several NSF Projects including “Tennessee Cybercorps: A Hybrid Program in Cybersecurity.”

Michael J. Mangold, CISM Vice President, Information Security at Tractor Supply Company

Michael is an IT professional with over 10 years’ experience in IT operations and information security.  Currently Michael is Vice President, Information Security for Tractor Supply Company.  He is responsible for all aspects of Tractor Supply Company’s information security program including setting the information security strategy, risk management and compliance, implementation of security policies and supporting solutions, security operations, and business continuity and disaster recovery planning.

Prior to joining Tractor Supply Company, Michael led the Healthways’ Information Security group and was responsible for Enterprise Security for the Company.   Areas of responsibility include risk management and compliance, security architecture, security operations and policy administration. Michael joined Healthways in 2005 as a Programmer/Analyst.  Michael has held roles in IT operations management, system design and implementation, and information security.

Michael holds a Masters’ degree in Computer Information Systems from Middle Tennessee State University. His professional certifications have included Certified Information Security Manager, Certified Ethical Hacker, Security Essentials Certification from GIAC, Cisco Certified Network Associate (R/S and Security), and Security+.

He is a member of the local ISACA and ISSA chapters.  Michael co-authored “Proactive Incident Response” published in the February, 2011 edition of the ISSA Journal.

Michael is also active in his community serving on the Metro Nashville Information Security Advisory Board and Nashville INFOSEC conference chair.  Previously, Michael severed as Sponsorship Director for the Middle TN ISSA and a soccer coach for the local YMCA.

Anca Pop is an information security, compliance and IT consultant. She is the managing principal consultant for Striker Advisory which has three different lines of business: strategic business alignment services, technology solutions and information security services. She has expertise in leading security and risk assessment projects, technology refresh projects, IT governance initiatives and policy and procedure documentation engagements. She also has expertise in technical project and project management and technical product development and management.

She most recently served in the role of Director of Product Development for Cybera, a leading provider of secure application networking services, where she performed high-level analysis of technology market trends and development of market strategies.

Additionally, Pop has served two of the nation’s leading healthcare companies. She has held the positions of Manager of Information Security as well as Director of Business Management for Platform Services for Emdeon, where she ensured regulatory compliance within the healthcare and claims processing arenas as well as IT Service Management and Compliance. With Hospital Corporation of America (HCA) Anca held the role of Senior IT & Compliance Auditor, where she led technical quality and compliance efforts, with particular focus on vendor reviews. She diligently uncovered opportunities to enhance processes, while cultivating relationships within the Information Technology and Services (IT&S) group to align business objectives with technology practices.

Pop holds a Masters of Business Administration (MBA) from Vanderbilt University - Owen Graduate School of Management, a Bachelor of Business Administration (BBA) in Computer Information Systems from Eastern Michigan University, an Associate degree in Computer Science from Washtenaw Community College, as well as an Associate in Engineering, Electrical Engineering from Universitatea Tehnică din Cluj-Napoca.

Joey Johnson is Chief Information Security Officer at Premise Health, provider of large employer sponsor health and wellness centers for employees. Joey is responsible for leading all organizational efforts related to security operations and engineering, information technology and security compliance, identity access management, policy development, security audit, and vendor risk management to meet challenging security and compliance demands. In his six years with Premise Health, Joey has been instrumental in implementing a proactive security and risk management environment focused organizational risk awareness that is transformative in the healthcare industry. He successfully launched a cutting-edge vendor and business associate maturity development program that dynamically empowered business partners of various scales and complexity to meet challenging security and compliance demands. Additionally, he has worked to develop a team driven by passion in security, with a focus on empowering and fostering women in the security field. In 2016 Joey was presented CISO of the Year award by the Nashville Technology Council. He has also been nominated as a finalist for the TEN I.S.E 2017 Southeast CISO of the Year to be announced in March 2017.

Prior to joining Premise Health, Joey was the Chief Security Officer for the United States Department of Commerce, Office of Computer Services. He has over 15 years of experience in the cyber-security industry including leadership roles in both the public and private sectors, with a focus on organizations in the federal government, information technology, healthcare, and transportation industries.  Outside of Premise Health Joey maintains an active leadership presence in the healthcare cyber-security industry participating in numerous steering and advisory committees with the National Healthcare Information Sharing & Analysis Center (NH-ISAC), various threat intelligence and sharing groups, security news groups, and private/public sector partnerships. He serves on the Editorial Board for the Journal of Law and Cyberwarfare helping to shape the future national and international regulatory landscape around cybersecurity, and also works as a senior advisory member on the E-Health Initiative Federal Executive Advisory Board on Privacy & Security. Joey additionally works as a technical advisor with various security & technology investment organizations and product companies, as well as frequently serving as a speaker at numerous security industry events.

View Event →
Mar
30
11:30 AM11:30

Uncovering the Ugly Mask of Malware

Sword&Shield.jpg

Sword & Shield Cyber expert, Joe Gray presents an insider’s vantage point on malware and shares how it is infecting networks.  Found in emails and web browsers, Joe will share examples of this persistent threat and further awareness of its “ugly” nature.  Come and see demonstrations of cyber security’s worst... ransomware

Brent Cantrell.jpg

Speaker Bio

Joe Gray joined the U.S. Navy directly out of High School and served for 7 years as a Submarine Navigation Electronics Technician. Joe is an Enterprise Security Consultant at Sword and Shield Enterprise Security in Knoxville, TN. Joe also maintains his own blog and podcast called Advanced Persistent Security. He is also in the SANS Instructor Development pipeline, teaching SANS Security 504: Hacker Tools, Techniques, Exploits, and Incident Handling. In his spare time, Joe enjoys reading news relevant to information security, attending information security conferences, contributing blogs to various outlets, bass fishing, and flying his drone.

View Event →
Feb
15
11:30 AM11:30

Technical Analysis of Ransomware/Exploit Attacks

Best Practices in NextGen Protection, Detection and Response

 

Ransomware threats like Cryptowall, TeslaCrypt and Locky are on the rise, targeting organizations of all sizes.  Explore how these attacks work and why a large number of new infections continue to surface despite existing protection measures.  Join Sophos and take a deeper look, including live Ransomware attack demonstrations, at how NextGen solutions like Sophos’s InterceptX provide the most effective alternative to the traditional “Protect, Detect, and Respond” endpoint model.

Speaker Bio

Mark Holobach is an Enterprise Sales Engineer and Technical Lead for Sophos Strategic Accounts in the U.S.  A respected industry veteran since JCL, X.25 and Cobol were the hot words of the day,  Mark has held various Network, Mobile and Endpoint security positions at companies such as Dell/SonicWall and Citrix prior to Sophos.  His energetic yet no-nonsense approach in helping clients understand the depth and breadth of today’s complex exploit driven environment makes him a client favorite.

View Event →
Jan
24
11:30 AM11:30

Mitigate Risks from Security Holes Using Wire Data

How to use wire data analytics to build a progressive cybersecurity plan


The risks caused by advanced security threats are echoing across corporate boardroom suites. Business leaders are keenly aware of the huge risks caused by security threats and it’s clear perimeter based security tools aren’t enough to effectively deal with today’s hackers.

What you may not know is that most of hacker intrusions come through one of three vectors - - email, a web site, or removable media. Once a hacker is in your network, their goal is to create backdoors, get a stronger foothold, and make it hard for you to detect them all the while they navigate to the data they want.

You need to know your network better than a hacker. The ability to continuously monitor communication between systems inside your network, referred to as ‘east-west’ traffic, is a huge part of knowing your network better than any hacker.

If your team is relying on endpoint protection and antivirus software they won’t protect against methods hackers use to gain control.

Topics of Discussion

  • How to detect ransomware activity across all NAS systems, file shares, shared drives

  • Use of DNS surveillance to identify malware and exfiltration

  • See and search on who received malicious files and the IP addresses hosting malware

  • Why look to unmatched visibility into East-West and North-South traffic

  • Best practices to detect and stop attacks within minutes

  • And more!

Speaker Bio

Kanen Clement is an experienced systems engineer based out of Nashville, TN with a degree in computer science and a strong background in Healthcare IT operations and higher education. Prior to joining ExtraHop Kanen worked as a Systems Architect for a large healthcare system. He prides himself on having a broad technical skill-set and a knack for problem-solving. Most of all, he enjoys exploring the world of wire data with his customers and watching their reactions to the unbelievable insights it provides.    He is a frequent contributor to ExtraHop white papers using real world experience.   His most recent article details using Extrahop’s Ransomware Detection Bundle and Precision Packet Capture to recover encrypted files and can be found here: https://www.extrahop.com/community/blog/2016/recover-ransomware-encrypted-files-from-packet-capture/

View Event →
Dec
6
11:30 AM11:30

Emerging Threats… Proactive Thoughts for 2017

udt-logo.png

Join the Middle Tennessee (ISC)2 Chapter and Manny Fernandez of United Data Technologies for lunch and InfoSec discussion at our December 2016 meeting..
 

Speaker Bio

Manny Fernandez is a technically sophisticated and business-savvy professional with strong career reflecting certifications coupled with “hands-on” Information Systems and networking expertise.  He is dedicated to InfoSec and its related competencies in Security management practices, Operations security, Physical security, Business continuity and disaster recovery planning, Access control systems and methodology, as well as Cryptography.  He has over 25 years in Information Technology, of which 15 have been exclusively in InfoSec.

View Event →
Oct
20
11:30 AM11:30

Mobile Threat Defense

Skycure offers the most complete, accurate and effective mobile threat defense solution, delivering unparalleled depth of threat intelligence to predict, detect and protect against the broadest range of threats.  Skycure's predictive technology uses a layered approach that leverages massive crowd-sourced threat intelligence, in addition to both device- and server-based analysis.

Speaker Bio   John Dickson is a results driven, business focused IT Cyber-security and Infrastructure Director with 20 years of experience and a proven track record of translating business requirements into functional systems for a seven billion dollar enterprise.  John is known for his ability to collaborate with both business leaders and IT professionals in order to transform and securely align Information Technology with corporate goals.  John is also a CISO Coalition Atlanta Governing Board Leader and presents information at multiple CISO/CIO summits and vendor sponsored knowledge sharing sessions.  Presentation topics include “Defense in Depth” strategies for securing enterprises, The Role of Education in Information Security, Network Anomaly Detection and Emerging Mobile Threat Vectors.  Outside of the Office, John enjoys motorcycling, high performance driving, and spending time with his family, usually at the side of a soccer field.

Speaker Bio

John Dickson is a results driven, business focused IT Cyber-security and Infrastructure Director with 20 years of experience and a proven track record of translating business requirements into functional systems for a seven billion dollar enterprise.

John is known for his ability to collaborate with both business leaders and IT professionals in order to transform and securely align Information Technology with corporate goals.

John is also a CISO Coalition Atlanta Governing Board Leader and presents information at multiple CISO/CIO summits and vendor sponsored knowledge sharing sessions.  Presentation topics include “Defense in Depth” strategies for securing enterprises, The Role of Education in Information Security, Network Anomaly Detection and Emerging Mobile Threat Vectors.

Outside of the Office, John enjoys motorcycling, high performance driving, and spending time with his family, usually at the side of a soccer field.

View Event →
Aug
31
11:30 AM11:30

Cloud Security Roundtable

Join the Middle Tennessee ISC(2) chapter for a roundtable lunch discussion around Cloud Security. This session will be an open discussion with chapter members and guests lead by the chapter board members. Please feel free to bring other questions relevant to the discussion and we will attempt to include them. Below are the initial list of questions which will be discussed:

  1. Do you trust cloud vendors more or less with your data then your internal network?
     
  2. Who should control the encryption keys? Customer or Cloud Provider?
     
  3. Is a Cloud Access Security Broker (CASB) your best choice to secure data in the cloud?
     
  4. Challenges with site audit requests of cloud vendors
     
  5. What extra steps should be taken if the cloud vendor providers services through another vendor’s platform and should they tell you this?
     
  6. Healthcare companies seem to be slower moving to the cloud, is this more a result of BAA agreement issues or data control?
     
  7. What is the best method to keep users from downloading or accessing data on non-managed endpoints?

 

Lunch and beverages will be provided.

View Event →
PCI Compliance in the New Reality
Jun
24
11:30 AM11:30

PCI Compliance in the New Reality

Chris Gida has more than 10 years of experience working in the IT and Information Security arena, helping clients align their security goals with security best practices/regulatory and industry standards . His experience reaches across multiple industries including healthcare, retail, education, and manufacturing. Chris has held the titles of Security Consultant and IT Audit roles with Solutionary, Humana, and Brown Forman. 

View Event →
May
26
11:30 AM11:30

Common Penetration Testing Tools, Tactics, and Procedures

Penetration tests are designed to show the impact of successfully exploiting a vulnerability or end user. Attackers can take complete control of a Windows domain by establishing full administrative rights to networks resources. This access can then be used to steal your organizations crown jewels, the thing that makes your organization money. This talk will introduce common attack paths used to compromise a domain. Additionally, a brief introduction to the tools used to perform some of these common attacks will be covered. This presentation will conclude by providing information on mitigating or detecting these common attacks. The audience will be provided with an opportunity to ask any questions, even if they’re not related to the presentation.

RUSSEL VAN TUYL

Russel Van Tuyl is a security analyst for Sword & Shield Enterprise Security. His primary role is conducting network vulnerability assessments and penetration tests but also performs web application assessments, firewall configuration audits, wireless assessments, and social engineering. He has more than 10 years of experience in the technical field in roles such as database design, field device support, help desk, IT asset management, programming, and information security.

Sword & Shield Enterprise Security, Inc. is the premier holistic information security service provider.   With solutions designed to meet the needs of a dynamic security and compliance landscape, we deliver evaluation, remediation, and ongoing monitoring and management to ensure your organization maintains the most comprehensive security posture possible.

Sword & Shield Enterprise Security, Inc. is the premier holistic information security service provider. 

With solutions designed to meet the needs of a dynamic security and compliance landscape, we deliver evaluation, remediation, and ongoing monitoring and management to ensure your organization maintains the most comprehensive security posture possible.

View Event →
Organizational Threat Management: An Illustrated Conversation
Mar
24
11:30 AM11:30

Organizational Threat Management: An Illustrated Conversation

Organizations are faced with a barrage of security threats from operational security events such as commodity malware to responding to advanced attackers. Understanding these and other threats while enabling a team to respond accordingly, within the business’s processes, is a key component for success.

Tyler will discuss organizational threat management through illustrated conversation related to tools, techniques and their relationship to process and metrics. Through this, a team can develop an understanding of how to respond to security events within their organization.

Speaker Bio

As Vice-President of Security Architecture, Tyler Mullican brings over 10 years of information security experience to Fortress Information Security. Tyler has worked with customers to provide a security focused approach to meet business objectives. Leveraging his experience in threat response, process improvement, and security operations, he aligns Fortress Information Security’s products with customers’ needs.

Providing subject matter expertise in security technologies and operations, Tyler combines hands on experience in disciplines including development, malware analysis and detection, incident response, and compliance when discussing security goals.

Tyler has authored several articles on a range of information security subjects and contributed to various not-for-profit security organizations. Graduating with his master’s degree in Business Administration from Ashford University and his bachelor’s degree in Information Systems Security from ITT Technical Institute, Tyler has successfully combined business and technical skills both professionally and academically. Obtaining numerous certifications, including Certified Information Security Systems Professional (CISSP) and those related to the administration and use of several security solutions, Tyler offers a comprehensive approach to security challenges.

View Event →
Feb
23
4:30 PM16:30

Cyber Crime 2016: Is My Organization Safe?

  • Baker, Donelson, Bearman, Caldwell & Berkowitz, PC (map)
  • Google Calendar ICS

Women in Tennessee Technology (WiTT) and
ISC2 Middle Tennessee are pleased to present:

Cyber Crime 2016:
Is My Organization Safe?

Supervisory Special Agent Scott E. Augenbaum of the Federal Bureau of Investigation’s Computer Intrusion/Counterintelligence Squad leads aggressive Nashville-based Outreach and Strategic Partnership programs designed to prevent organizations from falling victim to cyber crime.

Over the past seven years, Augenbaum has conducted hundreds of computer intrusion threat briefings with the goal of educating the community on emerging computer intrusion threats and how to not to be the victim of a data breach.

SSA Augenbaum will share his unique perspective and first-hand experiences at this event.

SSA Augenbaum started his career with the FBI in the New York Field Office in 1988 as a support employee in the Financial Management Section and became a Special Agent in 1994. He was first assigned to the Syracuse, New York Office, where he worked domestic terrorism, white collar and hate crimes, and all computer crime investigations. In October 2003, he was promoted to SSA at FBI Headquarters, Washington D.C in the Cyber Division, Cyber Task Force Unit and was responsible for managing the FBI’s Cyber Task Force Program as well as the Cyber Crime and Intellectual Property Rights Program. In 2006, he was transferred to Nashville, TN and manages the FBI Memphis Division Computer Intrusion/Counterintelligence Squad and manages a staff of seven investigators.

Date: February 23, 2016
Networking:  4:30 pm to 4:55 pm

Meeting: 5:00 pm to 6:00 pm  

Location:
Baker, Donelson, Bearman, Caldwell & Berkowitz, PC,  
211 Commerce St, Nashville, TN 37201

Refreshments provided by UL (Pure Works).
Venue provided by Baker, Donelson, Bearman, Caldwell & Berkowitz

View Event →
Dec
15
11:00 AM11:00

ISACA/(ISC)2 Joint Event: What are We Missing in Preventing Info Sec Breaches?

Speakers: Jacob Arthur and Timothy Agee, FDH Consulting, LLC

Jacob Arthur currently serves as Director of Security and Technical Services for FDH Consulting, LLC.  His expertise includes Information Security Governance and Management, Penetration Testing, Social Engineering, Intrusion Detection and Response, IT Risk Assessment, Business Continuity, PCI, and HIPAA.

Jacob is a Nashville, Tennessee native and received both a M.Acc. and B.S. in Computer Science from Lipscomb University in 2008.  He is also currently a Ph.D. Candidate at Nova Southeastern University with a specialization in intrusion detection.  Prior to joining FDH, Jacob was the owner of an independent consultancy focused on systems management and security.  

Timothy Agee currently serves as Director of IT Risk and Compliance for FDH Consulting, LLC.  His expertise includes IT Audit, IT Risk Assessment, Information Security, Regulatory Compliance, Business Continuity, PCI, HIPAA, and Systems Implementation.

Timothy is a native of Lebanon, Tennessee and received his B.S. in Computer Information Systems from David Lipscomb University in 1996.  Prior to joining FDH, he also served as the Director of Information Services for Saint Thomas Cardiology Consultants and the Director of Information Systems for Gospel Advocate Company.  Timothy currently serves as President of the Middle Tennessee Chapter of the Information Systems Audit and Control Association (ISACA).

Session Description: Virtually every week now brings with it a new headline for "Largest Breach Ever".  Yet according to Gartner, Information Security spending increased 20% in 2013, almost 10% in 2014, and is expected to set records again in 2015.  With ever-increasing resources being spent on security, executive management continues to ask, "why do breaches keep happening?"  At the core, many of the investments our companies are making in security may be focusing on the wrong things, and missing the opportunity to implement low-cost but high-impact security controls that would meaningfully reduce the likelihood of breaches.  We invite you to come explore some recent breaches with us and join the discussion on some obvious places where companies missed the boat on what was most important. 

Date/Time: December 15, 2015, from 11:00am to 1:00pm (lunch to be provided). The presentation will start promptly at 11:30AM.

Location: Tractor Supply Company, 5401 Virginia Way, Brentwood, TN 37027

CPE: One hour of credit will be issued to all attendees.

Guests: ISACA and ISC2 chapter members may bring one guest. If you are interested in bringing a guest, please select two tickets when making your reservation.

View Event →
Nov
5
11:30 AM11:30

The Privileged Pathway: Securing and Auditing Privileged Accounts Using CyberArk

  • Jackson National Life Insurance (map)
  • Google Calendar ICS

Privileged Accounts-accounts that have above average permissions are prevalent in every organization. These built-in, shared, and privileged personal credentials are targets for advanced persistent threats and can present a significant audit challenge. CyberArk will provide a comprehensive look into the process of discovering, securing, and auditing these accounts and discuss best practices regarding methods to secure the keys to the IT kingdom.

Speaker Bio

As a Systems Engineer for CyberArk covering the Southeast United States, Mitch Rosen serves as a technical adviser and subject matter expert on privileged account security.

View Event →
Oct
21
11:30 AM11:30

Hunt or Be Hunted

Until you are actively engaged in hunting down the presence of adversarial elements on your network, you can expect to stay in a reactive posture, behind the attacker. Join us to see a live demonstration of the world's first fully automated Malop hunting and behavioral analysis engine and see how Cybereason is helping organizations across the globe stay in front of their adversary by giving them full visibility into the enterprises they protect. Here, you will learn what the term Malop (Malicious Operation) means and why it has become the single most important concept every cyber security professionals need to understand today. You will see how Cybereason is being used in three key detection scenarios:

  1. Finding the known
  2. Incriminating the 'unknown' with the 'known'
  3. Detecting the unknown

Presenter Bio

dan_mitchell.jpg

Dan Mitchell has been a security practitioner for over 17 years where he has primarily focused on helping organizations detect and prevent malicious digital intrusions. He is currently a Senior Systems Engineer at Cybereason where he is at the forefront of working with state-of-the-art endpoint detection technology. Dan has dedicated his career to learning, researching, developing and evangelizing the application of artificial intelligence in security as a way to gain strategic advantage over the adversary. Prior to joining Cybereason, Dan had done extensive work as a Security Data Scientist at companies such as ThreatConnect, Recorded Future and RSA. When not working, Dan enjoys solving math problems, making music, writing code, reading and spending time with his wife and 3 beautiful children.

View Event →
Sep
23
11:30 AM11:30

Attack, Defense, and a Crystal Ball

In the past several years a growing list of computer breaches have scarred numerous US entities from financial industries, health care providers, and the entertainment industry. Adam Keown will provide direct experience about the impact of these breaches from his time in the FBI and more recently as a private consultant at TEKsystems. He will discuss attackers methods of attack, defensive measures for reducing risk, and briefly look into a crystal ball.

Presenter Bio

Adam Keown is a Security Architect in the Information Security Practice of TEKsystems. His role is providing information security consulting for the enterprise market. He provides consulting in financial, healthcare, manufacturing, national infrastructure and government. TEKsystems clients include 82% of Fortune 500 companies.

Adam's previous experience includes over 10 years as a Special Agent with the FBI in Washington, DC and Louisville, KY. He has provided expert witness opinions on technology in federal cases and media relations. He has lead cyber investigations involving terrorism, national security, criminal intrusion, child exploitation and fraud. He was also Director of Information Systems at North Georgia Electric and received his bachelor's degree in computer science from the University of Tennessee at Chattanooga.

View Event →
Aug
20
11:30 AM11:30

The Advent of Self-Protecting and Self-Governed Data

Since ChoicePoint’s first big data breach back in 2005, additional focus has been placed on protecting sensitive corporate information assets.  Many industry leaders are suggesting transition towards self-protecting, self-governing data to sustain any credible level of security in the future.  How would self-protecting, self-governing data change the way you do business?

We will present our technology that ensures the future of data assurance. In this discussion, we will explore why current technologies and methodologies are insufficient, how a new approach such as self-protecting data might look, and what the benefits would be to both corporations and consumers.

SertintyONE provides software that uses advanced authentication methods and our unbreakable exchange protocol to protect your data – independent of operating systems, with intelligence integrated into your data file. Data with real intelligence embedded within the data itself – we call it SertintyONE.

SertintyONE’s secure data protection software uses a data-centric, context-aware platform to protect data regardless of location, hardware, hosting model or user. Our software embeds intelligence into the data file itself. So it contains all the rules and access controls to dynamically protect the data and eliminate cyber-threats in use, in transfer or at rest. Our software converts your data files into a form we call SertinyONE SmartData to ensure that the right users have access to the right information, in the right context at all times.

We will be happy to take questions probing into how our technology works, protection of embedded encryption keys, and any others by the audience.

Presenter Bios

Bradley Lide, SertintyONE Director of Business Development, Sr. Projects Manager, has over 35 years of management and field experience in both the IT and physical security industries, in both enterprise and retail environments.  Previously, Mr. Lide served as President of CyberAngel Security Solutions, and became known as a subject matter expert on mobile device security, authentication, data encryption and device tracking methodologies.  Mr. Lide is a founding member of the Middle Tennessee InfraGard Members Alliance, serving as secretary, vice president, and four consecutive terms as president.  He also recently served a three-year term on the InfraGard National Board, and currently serves as chair of the InfraGard National Members Alliance Awards committee.

Douglass Berg, SertintyONE Solutions Architect, is a Certified Information Systems Security Professional (CISSP) with 20 years of experience.  He has extensive government experience in developing information security programs, writing enterprise security architectures and conducting security assessments (over 100).  In the commercial space, Mr. Berg has been responsible for developing and maintaining enterprise security policies on various network devices – firewalls, load-balancers and proxy servers.  He has worked diligently with business owners to understand their technical needs to ensure security requirements were properly embedded in their technical solution. He has also designed and implemented data center security architectures.

View Event →
Complexity to Clarity: Bringing Speed, Transparency, and Automation to Threat Event Analysis
Jul
23
11:30 AM11:30

Complexity to Clarity: Bringing Speed, Transparency, and Automation to Threat Event Analysis

ones-and-zeroes.gif

Having every preventative tool in the shed has not been able to stop attacks or breaches which is evidenced by the nearly daily reports we’re all seeing. Containment through early discovery, rapid triage and investigation, through to mitigation and remediation and the disruption of the "Cyber Kill Chain" is our new Nirvana.

How can big data and cyber analytics deliver on the promise of "Actionable Intelligence" and increase the operational tempo of Security Operations and Incident Response Teams? We'll show you how the DoD has reduced their MTTR (Mean-Time-To-Resolution) and increased their efficiency and effectiveness by 30X.

Presenter Bio

Lee Isenman is a Senior Sales Engineer at Novetta. Lee has 20 years of professional experience, including 15 years with a major telecom services provider. Lee has spent the past 5 years in the cyber-security space where he's helped match customers with the right tools to protect against cyber threats.

lee-isenman.jpg
View Event →
Jun
18
11:30 AM11:30

Deep Security

deep-security-diagram.jpg

As a 26 year security leader and innovator, Trend Micro’s Deep Security Solution is architected in partnership with VMware and various Cloud Service Providers and delivers a complete security platform for physical, virtual and cloud environments for businesses of all sizes.  The Deep Security software promotes a proactive and comprehensive security posture without compromising performance.  Deep Security is highly automated, highly scalable and allows for simple and easy management from a single console.  Our integration with ESX/NSX and various Cloud providers (AWS, Azure, etc.) is second to none.  Deep Security’s agentless support for both file (anti-malware, file integrity monitoring) and network security controls (intrusion detection and prevention) give us a unique edge over other security companies in the market.  The Deep Security Enterprise suite includes the following modules:   Anti-Malware – Intrusion Prevention – Host Firewall – Log Inspection – Integrity Monitoring – Application Scanning – Data Protection.  For more information or a demo, feel free to contact Brian Hoover @ brian_hoover@trendmicro.com.

Speaker Bio

Christian Fontaine served as CISO at the University of Guelph at Humber in Canada.  He has also served as a private security consultant for the Canadian police agencies.  Chris currently resides in Tampa, FL and has been employed at Trend Micro for over 8 years.  Chris currently serves as a Sr. Security Engineer for the Southeast region and works with Fortune 500 companies in North America during the pre and post sales process to understand and deploy Trend Micro solutions.  Chris also sits on several strategic security committees at Trend Micro that evaluate and architect solutions that meet current demands for virtual and cloud environments.

Chris has been involved in digital investigations up to the international level, specifically in the areas of steganography and cryptography use in cyberterrorism activities. Chris has a strong conviction that security concerns are best addressed by well-prepared and security-focused individuals.  Information security, like everything else, is a human enterprise and is influenced by factors that impact the individual. It is well known and documented that the greatest information security danger to any organization is not any individual process, technology, or equipment; it is the people who work within the 'system' that can mask the inherent danger.

Chris enjoys being involved in security training, education, motivation, and awareness activities. He is especially interested in the psychology of security awareness and influence – The Science of Persuasion and Influence – and the tripartite model of Security ABCs (Affect, Behavior, Cognition). 

View Event →