May 2019 Monthly Meeting - ISSA Puget Sound
Designing Secure Authentication Solution – What about me (the user)?

Speaking topic information: This talk is about the importance of considering the end user experience when designing Secure Authentication Solutions. Often Security professionals get over-indexed on designing a secure solution and don’t envision the impacts that it will have on end users. During this talk, based on my years of experience in the Identity and Access Management space, I will share real-life examples of how security-focused design decisions led to adverse user impacts and incessant help desk calls.

Breach Fatigue: An opportunity

One of Gartner's 2019 and Beyond Predictions asserts that through 2021, social media scandals and security breaches will have effectively "zero lasting consumer impact." And no wonder! Breaches of millions, and sometimes billions, of records seem to happen monthly. The so-called Collections #1-5 Megaleak of 25 billion records, representing 2.2 billion unique identities, was mocked only a few weeks later by another 620 million records stolen from 16 websites in February 2019. How many times does our private information need to be stolen before it no longer matters?

When it comes to "breach fatigue" we are already there. A recent Harris Poll reported that only 20 percent of respondents said they “completely trust” organizations they interact with to maintain the privacy of their data. Customers don't believe we can keep their data safe. Regardless of the penalty implications of GDPR and CCPA, most companies know they are right--some having shockingly proven them so with multiple recent data breaches.

What does it mean when no company can reasonably expect to protect its private data? How does that affect our perception of regulations like GDPR and CCPA that define protection expectations and disclosure penalties? And how can we argue security as a "competitive differentiator" when customers no longer have confidence in protective measures? Where do we go from here?

In this session, we'll explore:

- The current threat landscape and trends, and how they challenge security obligations set forth in privacy regulations
- How breach fatigue may influence privacy and security perception and strategy
- How we might leverage this to improve overlooked areas of data management, security, and corporate resiliency that have eluded us for decades

Join us for the after-meeting soirée with food and drinks at the Islander Restaurant. Plan on bringing a friend! This is a great opportunity to network with your peers, introduce your friend, and meet new people.

Address: 2441 76th Ave SE, Mercer Island, WA 98040

Speaker:

Manish Gupta has worked within the field of Identity and Access Management since 2000, supporting users at American Express, Ameriprise, Blue Cross Blue Shield, and Publix Super Markets before joining Starbucks. Throughout his career, his vision has been to ensure a delightful user experience while designing secure Identity Management solutions. He recently relocated to the Seattle area after spending 10 years in Florida and enjoys cricket, travel, reading and spending time with his family.

Bar Lockwood is CISM and CISA certified, with more than 15 years of experience in security integration, assessment, and management. She has worked as a Security Manager, Technical Program Manager, Security Auditor, Threat Intelligence Specialist, Software Quality Analyst, and Data Governance Professional at organizations including Microsoft, AT&T Wireless, and Premera. She has deep expertise in organizational security risk profiling, security integration, threat management, and compliance. In 2005, she injected the first security activities into an international software development lifecycle standard, compelling adoption in all subsequent SDLC standards. This work is recognized by the Department of Homeland Security. Her current focus is on national infrastructure protection. She is currently engaged as Principal Product Security Leader at GE Power Grid.

8236 S.E. 24th St.
Mercer Island, WA 98040