The Muro Group International, a US based company with offices in Cali and Bogota, is proud to organize Latin America’s premier information security event, Security Zone 2012 December 3 through December 7, 2012. Bringing together the world’s top security experts, academics, and technology companies to present their new tricks of the trade and have fun in the sunny and beautiful city of Cali, Colombia.
Security Zone will be offering a wealth of presentations on all of the most critical issues in the security field right now. You’ll have the opportunity to speak with these experts directly, ask questions, and learn how to better protect your company from security threats.
The cost to attend this year’s event is $300 USD. You can pay via Paypal or wire transfer. Don’t miss this opportunity to learn and have a great time in South America.
Alex Hutton is a big fan of trying to understand security and risk through metrics and models.
Currently, Alex Hutton is a Director of Operational Risk Management for a financial institution in the United States. Included in his responsibilities are both information risk management and vendor management. In his past life he worked for the Verizon Business RISK Team. The Verizon RISK Team builds and hones the risk models for Cybertrust services, produces the Verizon Data Breach Investigation, the Verizon’s PCI Compliance report, and is responsible for the VERIS data collection and analysis efforts.
Alex likes risk and security so much, he spends his spare time working on projects and writing about the subject. Some of that work includes contributions to the Cloud Security Alliance documents, the ISM3 security management standard, and work with the Open Group Security Forum.
Alex is a founding member of the Society of Information Risk Analysts (http://societyinforisk.org/), and blogs for their website and records a podcast for the membership. He also blogs at the New School of Information Security Blog (http://www.newschoolsecurity.com). Some of his earlier thoughts on risk can be found at the Riskanalys.is blog (http://www.riskanalys.is).
Alex Hutton (USA) – @alexhutton – The Modern Approach to Risk Management and Fishing For Risk
The current way we approach and try to understand risk is not just fundamentally flawed, it is now failing the organizations we serve. A groundswell for alternatives has been brewing for a while, with Operational Risk Managers trying to develop a more “modern” approach based on evidence and predictive analytics. What’s missing is an approach that speaks to what is perhaps the most important part of Operational Risk – Information Security.
This talk will discuss what a “modern” approach to Information Risk might be, how we can get there, and then also serves as a brief workshop/instructional talk around using the “RiskFish” tool to identify risk factors.
December 6, 2012 – Briefings Day 1 17:30 – 18:30 (5:30pm)
Martin Fisher is the Director of Information Security for a large integrated healthcare provider in the Atlanta, Georgia area. He has over 20 years of information technology experience with the last 6 years being focused in the information security arena. He also hosts the “Southern Fried Security Podcast” which focuses on trends, news, and leadership within the information security community. He has spoken at conferences hosted by the Centers for Disease Control and Prevention, the ISSA National Conference, and Security B-Sides on a wide variety of topics ranging from Incident Response to Career Development.
You can contact Martin through his podcast website (www.southernfriedsecurity.com) or as @armorguy on Twitter.
Martin Fisher (USA) – @armorguy – The New Defense In Depth (Bringing The Sexy Back To The Blue Team)
Defense in Depth is as old as information security. The problem is that the way we have used it in the past doesn’t work in age of rampant 0-day, “APTs”, and IT’s inability to keep up with the patch cycles on software.
We’re going to discuss how to re-think Defense In Depth to make it useful and effective in almost any environment. We’re going to focus on ideas and concepts that you can implement on *your* network with special attention to open-source and low-cost alternatives to the high-cost/low-capability products and services that some providers market.
December 6, 2012 – Briefings Day 1 15:00 – 16:00 (3pm)