This talk will explore how the typical organization goes about creating/planning their cybersecurity strategy, and how this method is flawed. We’ll explore how to assess whether your current cybersecurity program is meeting your organizational needs, and discuss data-driven methods/strategies for getting your program into an effective state.
Audience: Information security practitioners interested in understanding how to define effectiveness in the context of cybersecurity initiatives.
Chris Rossi serves as CISO at Rule4. Prior to Rule4, Chris spent nine years at AppliedTrust, where he was Vice President of Governance, Risk, and Compliance (GRC) and provided consulting services for a variety of healthcare, federal, municipal, and private organizations. Chris also served as an outsourced CISO for several healthcare organizations, helping them establish and maintain strategies and programs to ensure their information assets were adequately protected. Chris is heavily involved in the Philadelphia IT community, including running and occasionally presenting at the Philadelphia Security Shell meetup. When he steps away from the office, Chris likes mountain biking, losing at racquetball, and taking the occasional run. He also enjoys reading, cooking, and engaging in regular battles of will with his son and daughter.