In “The Fool’s Gold Rush to Compliance,” Michael, the Chief Security Officer/Senior Director of Information Technology at Copyright Clearance Center, warns against equating compliance controls with robust security solutions. The talk focuses on specific controls within the ISO 27001 and SOC 2 Type 2 certification frameworks that can be utilized to strengthen overall security. Michael emphasizes the need to seize the opportunity of pursuing compliance certifications to implement strong security practices instead of settling for minimal standards. In just 15 minutes, he presents how to pitch security controls within ISO 27001 and SOC 2 Type 2 initiatives, providing examples of driving security solutions for approval alongside compliance progress. The talk’s primary objective is to showcase best practices in security while still meeting the compliance certifications that management seeks.
Drawing from over 15 years of experience in the financial industry as a cybersecurity professional, with expertise in cloud forensics, incident response, and information security compliance, Michael offers valuable insights. His GIAC certifications (GCIH, GCFE, GCFA, and GPEN), along with his affiliation with HTCIA, further demonstrate his dedication to the field. As he highlights the significance of differentiating between compliance and strong security measures, Michael empowers organizations to make informed decisions and optimize their security efforts while pursuing necessary certifications.