Virtual CSO, LLC.
Synopsis: Influencing change with business and IT executives is a learned skill. This session provides practical advice to communicate security risk, with examples to gain support and funding.
Crash course topics:
- How to influence funding
- Risk tolerance statement and a risk register diagram
- Cybersecurity executive committee
- Tabletop exercises include executives within incident response
- Cybersecurity risk management framework
- Analysis methodologies
- Real-world examples to present to executives
- Strategic planning and accomplishments
This is a hard-charging session. It concludes with emphasis on the need to be a change agent and to close on projects, initiatives and risk mitigation.
BIO: Gideon Rasmussen is a Cybersecurity Management Consultant with over 20 years of experience in corporate and military organizations. Gideon has designed and led programs including Information Security (CISO), PCI - Payment Card Security, Third Party Risk Management, Application Security and Information Risk Management. He has diverse industry experience within banking, startups, insurance, pharmaceuticals, DoD/USAF, state government, advertising and talent management.
• Designed and implemented several cybersecurity programs
• Established strategic plans for multiple CISOs
• Presents to Boards of Directors and cybersecurity committees
• Established a NIST 800-53 information security program (10 projects)
• Established risk register processes and executive forums
• Implemented controls to preserve integrity of a presidential election
• Established penetration testing and dynamic scanning functions
• Established a PCI payment card security program for a Fortune 50 company
• Designed and led third party risk management programs
• Conducted cybersecurity risk assessments (hundreds of controls)
Gideon has authored over 30 information security articles. He is a veteran of the United States Air Force, a graduate of the FBI Citizens Academy and a recipient of the Microsoft Most Valuable Professional award. Gideon has also completed the Bataan Memorial Death March (4 occurrences).
CISSP, CRISC, CISA, CISM, CIPP, ITILv3, NSA-IAM