Talks

Aruba, a Hewlett-Packard Enterprise company, Interviewed Paul in preparation for IT Tech Field Day, and posted the interview on this blog post.

Below are abstracts from presentations Paul has given at conferences and events. Do you want Paul to give one of these presentations at your event? Or maybe you are interested in a topic you don’t see listed here. Contact Paul with details for your event and the request. 

What are we doing here?

What are we doing here? That’s the question. This industry is so focused on how an organization can prevent themselves from being attacked, but why? When I ask this question, the answer I was given has ranged from “public relations” to “we will get fined and our company will go out of business, we can’t afford to be hacked”. It made me wonder, Is there a moral boundary our industry is losing sight of? For this talk, I’ll share a case study where I interviewed multiple industry leaders and professionals to ask this question.

Defense-in-Depth | Tackling Data Privacy

Breaches vary in size and technique, and while proper data protection controls can reduce an attack surface preventing exploitation, most organizations struggle to implement and fund a mature security program. In this talk, I will cover how defense-in-depth can be used to defend, monitor, and respond to attempted attacks from malicious users. This presentation covers attack vectors from inside the organization as well as external threats. New data privacy focused regulations are driving organizational funding from the top down, and this talk will provide guidance on how to align defense-in-depth with some of the hottest compliance mandates of the year.

Architecting Compliance: Microservices

Microservices are a hot topic this year, but what are they? Microservices can help build granular security controls and tackle common problems with compliance requirements such as establishing a defined cardholder data environment (CDE) or managing user permissions to least privileged for customer data. This talk will cover common problems with addressing GDPR and the new CCPA requirements providing customers with “the right to know” and the “right to be forgotten”. With the new requirements for least privilege and segmenting network zones, we will also discuss how microservices can be used to address compliance requirements and give organizations granular control over their environments.

State of the SOC is a personal website. Opinions expressed are not those of any employer.