Prior to joining Symantec via the LifeLock acquisition, I spent 5 years at NetApp, and over 10 years with Intuit; after working with the information security and risk management teams at Ernst & Young and KMPG. I have been responsible for leading key security initiatives that helped integrate security into the culture of the company and extend the brand into global markets. It has been a great honor to lead NetApp's ISO27001 recertification, speak at NetApp's conferences in Berlin and Tokyo and be a recipient of Intuit's Innovation Award. At Ernst & Young and KPMG; I was responsible for developing risk mitigation strategies primarily for Fortune 500 clients in the financial and technology sector. My focus is on maturing the organization's security posture by driving execution to a well-socialized and accepted security strategy that benefits internal and external stakeholders through a pragmatic mix of building cross-organizational relationships and developing people managers. I have a Masters degree in Electronics Engineering and am a Certified Chief Information Security Officer (C|CISO), a Certified Information Security Manager (CISM) as well as Certified in the Governance of Enterprise IT (CGEIT). I was recently recognized by a leading security service for responsibly disclosing a vulnerability that I discovered on their website; which led to all their user information being exposed to the public Internet.
Cyber security needs to be aligned with the business with accountability across the organization. Audit, risk, compliance, data, and privacy are all components of proactive security leadership. Leadership needs to be in the forefront communicating risk in ways that resonate with the business stakeholders. Cyber security is just one responsibility of the CISO. As more and more high profile data breaches take with increasing regulatory mandates, communication with the board and the rest of the C-suite is critical. CISOs must both shape messaging and instill security awareness as a part of corporate culture. Security needs to be seen as adding value not just meeting compliance requirements.
In this session: