Information Systems Security Association

Los Angeles Chapter, cybersecurity, InfoSec, CISO, Privacy

Technology Director

February – Joshua Jacobson

By

February2020_SpeakerSlidesDownload

Topic: Taking The Bugs Out of Bug Bounty

Bug Bounties are the new big “thing” in infosec with a diverse group companies of all sizes jumping in. While these programs can be highly effective, it is easier said than done. Using his experience building and running Aviation’s first bug bounty program, Josh discusses his trials and tribulations implementing a first of its kind Bug Bounty program. By the end of this talk you will know what to anticipate, do, and avoid while building a Bug Bounty program to be as successful as possible right out of the gate.

Speaker: Josh Jacobson

Josh is an ethical hacker and researcher based out of Los Angeles California. He began his career as an ethical hacker with a focus on internal and wireless network penetration testing before taking on application security. In his previous role at United Airlines he designed, built, and managed aviation’s first public bounty program which subsequently won multiple awards. While at United also lead digital forensics and conducted Aircraft and Avionics research as an ethical hacker. Josh now oversees vulnerability management for Sony Pictures Entertainment.

January – Andy Kim

By

January2020_SpeakerSlidesDownload

Topic: All Eyes On You: Cyber security in the Age of Innovation

Digital Transformation and Innovation are profoundly impacting the way businesses operate today. Time to market, speed, and agility are necessary requirements just to stay competitive in today’s marketplace. But, just as businesses are moving  fast into the future, cyber threats continue to multiply exponentially, challenging cyber security professionals and the businesses they support. What can cyber security professionals do given these seemingly incompatible objectives and how can they position the business for success? In this session, we’ll cover the reality of digital transformation, the impact of privacy, and the importance of the customer journey among many others topics that will position your cyber security program for success in 2020.

Speaker: Andy Kim, CISO eBusiness, Allstate

Andy is a strategic business partner to the C-Suite, implementing business vision within acceptable business risk. He is an avid technologist with the understanding that cyber security risks are fundamentally a human problem. A conclusion he has drawn from successfully implementing information security programs across heavily regulated industries including banking, investments, insurance, and healthcare for the past 18 years. Andy currently serves as the CISO for the digital brands and innovation businesses at Allstate. Andy helps insurance innovators deliver their capabilities in the cloud, while managing risk within acceptable tolerances.

Previously, Andy led the Risk Solutions group at Neustar. As Director, he supported multi-million dollar anti-fraud deals involving the internet and call center consumer channels for the top 10 financial institutions in the US. As a thought leader, he has been featured on American Banker http://pages.marketing.americanbanker.com/20180208_abp_neustar_ws_lp.html?source=client and has had published thought leadership blogs on identity and GDPR: https://www.risk.neustar/blog/authors/andy-kim

Before Neustar, Andy served as Director of Technology Risk Consulting Services at FIS (NYSE: FIS), in the Risk Information Security and Compliance business, which attained the #1 ranking in the Chartis RiskTech 100, where he was responsible for leading a team of subject matter experts that provided expert advisory and consulting services focusing on fraud, digital crime and cybersecurity to hundreds of financial services clients in the U.S.  He also led the design and product marketing of CyberForce, an innovative next generation fraud and cybersecurity anomalous activity detection solution in the U.S. and EMEA markets.  

Other positions include CISO of a large regional bank in Los Angeles, CISO supporting the CTO and CIO of a major US bank, CISO and HIPAA Security Officer at a pharmacy benefit management software company, Americas Security Officer of one of largest asset management firms, and Group IT Risk Officer to the third largest insurance company in the US.

Andy is highly regarded in the industry for his subject matter expertise and thought leadership and is a frequent speaker at industry conferences.  He also holds multiple certifications such as CGEIT, CISA, CISSP, CISM, ISSAP and ISSMP. 

December – Neil Daswani

By

Topic: The Biggest Breaches And What They Mean For The Future Of Cybersecurity Investment

This talk covers the key lessons learned and root causes from the biggest mega-breaches over the past several years, and analyzes their correlation to the over $45 billion invested in cybersecurity thus far. Based on hard data of over 4,000 cybersecurity companies that have been funded thus far, and what they have focused on to-date, some hypotheses on where future investment is required will be presented. Whether you’re interested in how your current company is positioned for the future of cybersecurity, considering a job change, or even potentially starting a cybersecurity company yourself, this talk will arm you with the information that you need about the security landscape, both on the business and technology fronts. Future trends in cybersecurity will also be discussed.

Speaker: Neil Daswani

Neil Daswani is currently an Executive-in Residence at Trinity Ventures, and is a Co-Director of the Stanford Advanced Security Certification Program. He has in the past served in a variety of research, development, teaching, and executive roles at Symantec, LifeLock, Twitter, Dasient, Google, NTT DoCoMo USA Labs, Yodlee, and Bellcore. Neil has been both a security entrepreneur having co-founded Dasient which was acquired by Twitter, and has also served as a Chief Information Security Officer at LifeLock and at Symantec’s Consumer Business Unit. His DNA is deeply rooted in security research and development, he has dozens of technical articles published in top academic and industry conferences (ACM, IEEE, USENIX, RSA, BlackHat, and OWASP), and he has been granted over a dozen U.S. patents. Neil is also co-author of “Foundations of Security: What Every Programmer Needs To Know” (http://tinyurl.com/33xs6g), He earned Ph.D. and M.S. degrees in Computer Science at Stanford University, and he holds a B.S. in Computer Science with honors with distinction from Columbia University.

November – Michael Gold

By

Topic: California Consumer Privacy Act (CCPA)

MAG-CCPA-Slides-November-2019Download

The California Consumer Privacy Act of 2018 is the most comprehensive law of its kind ever enacted in the United States, setting forth rules for companies that buy, collect, transfer or sell consumers’ personal information. Because of the size and reach of the California economy – the 6th largest in the world – and the number of companies that may need to comply – estimated at about 500,000 worldwide – the CCPA is effectively a national, if not international, law. This program will address the salient features of the CCPA, who must comply, the new rights consumers have under the CCPA, legal exposures for violations, likely impacts of the law, and what companies should do to comply with the law.

Speaker: Michael Gold

Michael Gold is co-chair of JMBM’s Cybersecurity and Privacy Group and counsels businesses in a wide variety of matters, including data breach responses and investigations, crisis management, development of computer-based information retention systems, forensic investigations of computer systems, and computer and internet privacy matters.

Michael assists clients in developing and implementing information management and governance best practices and developing policies and compliance structures for protecting personal and company information. He counsels clients on information security and privacy law compliance issues; assists clients in developing policies and processes to comply with information security and privacy laws (including the E.U.’s General Data Protection Regulation, the California Consumer Privacy Act of 2018, and other state and industry-sectoral privacy laws in the U.S.); negotiates technology agreements relating to information security and privacy; and defends litigation and arbitrations, including class actions, arising from data breach and privacy claims.

Michael was named one of California’s “Top 20 Cyber – Artificial Intelligence Lawyers” by the Daily Journal (2018), one of the “Most Influential Lawyers: Digital Media and E-Commerce Law” by the Los Angeles Business Journal, and has been designated a “Top Rated Lawyer in Technology Law” by Martindale Hubbell. He is the author of the upcoming Bloomberg BNA portfolio Enterprise Cybersecurity Governance, and co-author of the Bloomberg BNA Portfolio Records Retention for Enterprise Knowledge Management.

October – Art Poghosyan

By

Topic: Closing the Cloud Security Gap with Privileged Access GovernanceDownload

Privileged access has been one of the most complex issues organizations have had to address. Breaches of privileged access can have profound impact on IT infrastructure, expose large volumes of confidential data and cause devastating consequences for the business. The rapid evolution of the public cloud technologies in the past few years has introduced even more complexity and has challenged the existing methods and tools for securing privileged access. As a result, we are witnessing an exponential increase in cloud access breaches that leave terabytes of confidential data exposed and cost businesses billions of dollars every year.
In this talk, we will review key examples of how the growing public cloud ecosystems have re-defined privileged access security requirements which, in turn, created the need for new and innovative approaches to securing privileged access. We will also review the best practices for cloud privileged access governance that are already emerging and are being adopted by the industry leading organizations. We will conclude with recommendations for security professionals to help identify their cloud privileged access exposures and define a methodical approach for addressing this critical risk in their environments.

Speaker: Art Poghosyan
Art has spent nearly two decades of his professional career in Information Security. The first 8 years of his career Art spent at Big 4 firms, serving global enterprises across many industries. In 2010, Art co-founded Advancive, a market leading brand for Identity & Access Management (IAM) consulting and solutions implementation. Art led the company’s exponential growth and eventual acquisition by Optiv Security in 2016. At Optiv, Art built and launched Optiv’s first managed IAM service offering focused on Privileged Access Management (PAM). In 2018, Art left Optiv to start his next business venture, Britive, where he is serving as the CEO. Art is a frequent industry contributor, recognized for sponsorships and speaking engagements at events such as Identiverse, RSA Charge, ISSA LA Summit, and ISACA Orange County conference. He is a regular volunteer and contributor at (ISC)2 CISSP and ISSAP certification exam development workshops.