Nov 11th, 2021 member meeting: Session 1 – Who’s Accountable Anyway; Session 2 – Managed Security

Meeting from 7:00 PM to 9:00 PM – 2 CPE for full attendance. Registration is required.

Session One: Who’s Accountable Anyway? Sarah Clarke, Data protection and security governance, risk, and compliance

No one can (or perhaps should) be accountable for something they either cannot influence or don’t understand. This talk will highlight ways to create that connective communications tissue, to build buy-in for pragmatic security and data protection.

It is the foundation from which we build consensus and tackle another challenge at the core of prospering as a security function: the GRC paradox. Workload invariably exceeds available hours in staff days. Having the means to triage is grounded in understanding prevailing risks. In order to understand risk, we need skilled personnel and time. In order to justify the budget for personnel and time, we need to understand risk.

This session will also discuss how to break that deadlock by moving triage left in the development lifecycle and keeping things simple enough to involve the rest of the organization in that process.

After a start in IT and network security, Sarah too often saw colleagues burnt out, frequently because they didn’t have data and sponsorship to describe challenges and drive change. This led to a ground-up redesign of various processes, including vendor security governance and sustainable triage, working mainly in financial services.

She speaks and writes about related things, in between advising companies via her own firm Infospectives Ltd. She also volunteers with not-for-profit For Humanity, designing independent AI audit solutions, which resulted in her election to their board as Director earlier this year. She is also a guest lecturer on vendor security governance for University of Manchester IT Governance Masters students.

Session Two: Where is Managed Security Services going and where do we stand today?

In the past 18-24 months there has been a lot of change in managed security services. The analysts have been measuring and driving it in the past through the MSS Magic Quadrant from Gartner and the Forrester Wave. The change is in part due to the way clients consume security services, but it is also driven by investors and the private venture partners that are pushing the service organizations to fit into a SaaS model to drive their valuation. The result is a change from a services focus to a platform focus, with a twist of consulting to support the holistic engagement.

Istvan will start by defining the current changes in the marketing and what is meant by MSS, MSSP, MDR, XDR, SOCaaS, etc., then discuss the value some of these services have brought to companies, as well as the gaps the new approach may introduce.

Istvan Berko, (ISC)2 East Bay Chapter Vice President, New Role to be Announced Soon.

I drive new business by providing excellent customer engagement and establishing strategic partnerships with stakeholders and executives to increase revenue. I have been able to guide the technical strategy and direction of the security practice and advise strategic clients on the role of new security technology and innovations. I have had outstanding success in building and maintaining relationships with key decision makers, establishing major accounts while ensuring client retention and loyalty. I am well-organized with a track record that demonstrates leadership, self-motivation, perseverance, and creativity. I have extensive executive face-to-face interaction while focusing on client relationships and closing on new projects to provide customers with exceptional results.