Loading Events

« All Events

  • This event has passed.

ISSA-LA June Dinner Meeting

June 21, 2017 @ 6:15 pm - 9:00 pm

Location: Location: The Honest Company, 12130 Millennium Drive, Los Angeles, CA 90094

Topic: Convincing Your Management,  Your Peers, and Yourself that Risk Management Doesn’t Suck
As security professionals, almost every action we take comes down to making a risk-based decision. Web application vulnerabilities, malware infections, physical vulnerabilities, and much more all boils down to some combination of the likelihood of an event happening and the impact of that event. Risk management is a relatively simple concept to grasp, but the place where many practitioners fall down is in the tool set.

The lucky security professionals work for companies who can afford expensive GRC tools to aide in managing risk. The unlucky majority out there usually end up spending countless hours managing risk via spreadsheets. It’s cumbersome, time consuming, and just plain sucks. After starting a Risk Management program from scratch at a $1B/yr company, I ran into these same barriers and where budget wouldn’t let me go down the GRC route, I finally decided to do something about it. SimpleRisk is a simple and free tool to perform risk management activities.

Based entirely on open source technologies and sporting a Mozilla Public License 2.0, a SimpleRisk instance can be stood up in minutes and instantly provides the security professional with the ability to submit risks, plan mitigations, facilitate management reviews, prioritize for project planning, and track regular reviews. It is highly configurable and includes dynamic reporting and the ability to tweak risk formulas on the fly. It is under active development with new features being added all the time and can be downloaded for free or demoed at http://www.simplerisk.org. With a simple, powerful, and cost-effective tool and some basic risk management knowledge at your disposal, you too can become the security rock star that your business seeks out for risk-based decision making. Let me show you how to convince your management, your peers, and yourself that Risk Management doesn’t suck.

Speaker:Josh Sokol
Josh Sokol, CISSP, graduated from the University of Texas at Austin with a BS in Computer Science in 2002. Since that time, he has worked for several large companies, including AMD and BearingPoint, spent some time as a military contractor, and is currently employed as the Information Security Program Owner at National Instruments. In his current role, Sokol manages all compliance, security architecture, risk management, and vulnerability management activities for NI. Sokol created the free and open source risk management tool named SimpleRisk, has spoken on dozens of security topics including the much-hyped “HTTPSCan Byte Me” talk at Black Hat 2010, and currently serves on the OWASP Global Board of Directors.

Thanks to our sponsor: Palo Alto Networks
Palo Alto Networks is the next-generation security company maintaining trust in the digital age by helping tens of thousands of organizations worldwide prevent cyber breaches. Our innovative security platform with game-changing technology safely enables applications, users and content, empowering organizations to securely and efficiently move their businesses forward. Find out more at www.paloaltonetworks.com.

Capacity for this Event is limited and no walk-ins will be admitted

Please park on the street. Parking in the lot is $2.00 each 15 minutes with $20.00 daily maximum. Credit card only.


June 21, 2017
6:15 pm - 9:00 pm