(ISC)² Security Congress LATAM 2015: Surviving a poor cybersecurity corporate culture

I am very pleased to announce that my paper has been selected for presentation at the (ISC)² Security Congress Latin America 2015, to be held in São Paulo on 24 and 25 November.


My presentation is titled "Information Security – Surviving a poor cybersecurity corporate culture". If you wish to know more, here is the abstract sent during the call for papers:

During the last couple of years, several companies have learned – the hard way – that neglecting Information Security can have disastrous impacts on operations, brand and financial results. This scenario prompts us to believe that the managers' mindset should have evolved toward a more mature approach, where security is seen as a business enabler and incorporated into every aspect of the strategy.

The truth is that – even now – little has changed. Security is still mostly regarded as a purely technical discipline and perceived as an unnecessary cost and bureaucracy by managers and business alike. That is, until a major incident happens and, all of a sudden, those alerts sent by the security team become relevant.

Who is to blame? The business that disregarded sound advice, or the Security Team that did not know how to communicate in business terms?

The great challenge is not a technical one. Cloud, Big Data, Business Transactions, Data Leakage: for each risk there are several technologies that could be implemented to solve the issue. However, that amounts to nothing compared to the trials of creating a strong cybersecurity culture, involving strategy, mature processes and especially people.

The main objective of this presentation is to discuss the creation of communication bridges from the Information Security Team to all levels of the business, going beyond the simple implementation of technology to address the challenge of creating a proactive cybersecurity mindset.