Devops, bizops, flops and pops
Even though concepts such as immutable servers, code pipelines, devops and even cloud have been around for a while, standards are still tied to older architectural elements such as firewalls, anti-virus, passwords and patching.
This makes it difficult for GRC consultants and assessors to make clear decisions and provide guidance for organisations embracing new IT architecture.
This talk will start off by defining what GRC actually is and how it is required in any organisation.
It will then address the issues above and offer some practical suggestions for dealing with them.
The talk is aimed at anyone who is interested in GRC or is required to deal with risk and compliance.
Allen Baranov is a Manager in the Governance, Risk and Compliance (GRC) team at CyberCX where he assists organisations to understand, achieve, and then maintain compliance with government and industry standards such as ISO-27001, VPDSS and PCI DSS.
With over 20 years’ experience in various roles in Information Security in Australia and internationally, Allen specialises in compliance, security strategy, architecture and risk management. He has consulting experience in diverse industry verticals such as banking and finance, manufacturing, retail, education and communications.
With a strong technical background, Allen has extensive experience in architecture and design using methodologies such as TOGAF and SABSA.
Allen’s qualifications and certifications include: Bachelor of Commerce (B.Com), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Payment Card Industry Qualified Security Assessor (PCI QSA) and Sherwood Applied Business Security Architecture (SABSA).
Allen has helped develop many of the methodologies, tools and documents that are used by CyberCX.
Allen is also heavily involved in the community as chapter lead for DEF CON Group 11613 (Melbourne), and has presented at major conferences and groups such as AISA CyberCon, CrikeyCon, BSides Melbourne, COSAC, ISC2, PCI SSC and the Blue Team Village at DEF CON 28. He has also volunteered with BSides Melbourne, DEF CON, The Diana Initiative and various DEF CON villages.
Allen’s presenting style is unconventional, and he is most famous for presentations delivered entirely in Excel spreadsheets.