CISO Round-Table – Empowering the C(I)SO with Enterprise Security Risk Management

Enterprise-level security management is becoming the indispensable, next-generation approach to shaping the security function’s strategy, risk and compliance mandates, and an efficacious aid in avoiding control gaps by interlocking an enterprise’s security organization, people and processes.

As news headlines amply show, such an approach commends itself to both private and public organizations. Hence, the management convergence of all security disciplines – cyber, information, physical, personnel, event, executive/board room/TSCM, travel, awareness and others – will be key in mastering today’s and tomorrow’s multi-vector and increasingly interdisciplinary security challenges. Pursuant to ASIS’ Enterprise Security Risk Management (ESRM) philosophy and best practice, the point of departure on the road to establishing a comprehensive security management system is an organization’s maturity vis-à-vis the ESRM approach and the convergence of security disciplines that lies at its core.

For not only are organizations likely to open up new attack vectors in the figurative cracks between individual security disciplines that operate in, at times, quasi-autonomous silos; they are also the driver of an undue imbalance between those disciplines. Such a state of affairs has also demonstrably created new attack surfaces for internal and external adversaries. In Switzerland and other advanced economies, it is typically highly mature IT-security functions that exercise their mandates adjacent to, and relatively ignorant of, other security disciplines, the existence of which they may have noted only on their respective organizational chart. This ubiquitous imbalance between siloed security disciplines, with at times wildly differing maturity levels and a complete lack of coordination among them, offers uncounted opportunities that a perturbing array of malicious actors can exploit.

About The Speakers

Doron Zimmermann PhD

Accomplished and results-driven senior security manager with national security background at cabinet level in government and board level in private sector leading full spectrum of cyber, information, and corporate security domains for finance, energy, logistics, and telecommunication industries. Proven ability in information security conception/architecture, threat intelligence analysis, editing/streamlining of products, and balancing various contact and interest groups; cross-departmental security stakeholder management in private sector, federal administration, and in research/teaching. Adept at establishing security standards for numerous regulated industries and in critical (information) infrastructure protection (e.g. ISO 27001/2; ISACA Implementation Guide for 27001; NIST; BSI Standard 100-1; ASIS Enterprise Security Risk Management). Demonstrated history of success in corporate security risk management and cooperation with authorities at federal, EU (ENISA), and professional/specialist associations (ASIS, ECSA, ISACA).
Position:
Lead Security Strategy, Risk and Compliance at Pragmatica AG

Marc Etienne Cortesi

Marc Etienne Cortesi studied computer science at ETH Zurich. After holding various roles in IT consulting, he joined Baloise in 2011. Until 2016, he led the group-wide IT audit, and for the past 7 years he has been responsible for information security as Chief Information Security Officer (CISO). Marc Etienne Cortesi is a board member of the Swiss Financial Sector – Cyber Security Centre, which aims to strengthen the cyber resilience of the financial sector and promotes institutional cooperation between financial institutions and authorities. In addition, he passes on his knowledge to master's students in the Information & Cyber Security program as a guest lecturer at the Lucerne University of Applied Sciences and Arts.
Position:
CISO at Baloise Group

David Mantock

David is a dedicated IT professional with over 20 years of experience and, as such, is passionate about keeping our digital world safe. Currently David is the Group Chief Information Security Officer at DocMorris. In this exciting role David leads an international team of specialists. This team focuses on Application Security, DevSecOps, Cloud Security, and Physical and Infrastructure Security. DocMorris is a founding member of the European Association of E-Pharmacies. In this context David has helped to set up a Cybersecurity and Data Protection Committee, enabling all members to gain valuable insight and share knowledge. Before his current role David was the very first CISO of SPIE Switzerland. In his tenure David helped the company achieve ISO 27001 certification. He also introduced several innovative technical measures. His human-centric approach helped to establish a thriving security ambassadors’ program. He likes to embrace the power of the collective and as such has a collaboration style based on clarity, empathy, focus, and creativity. When not at work, David enjoys time with his family and immersing himself in nature by venturing into the forest.
Position:
Group Director of Digital Trust and CISO at DocMorris

Peter Kosel

Peter has been working internationally as a "MATCHMAKER" for over 20 years - a passion that has become the common thread in his personal and professional life. Wherever connecting the right specialists with exciting companies is the order of the day, that's where you will find Peter - be it in HR consulting, in management and IT consulting or in the corporate environment of high-tech companies. Since September 2020 he has taken this passion to new heights with his startup, cyberunity - A cyber-security-career-community which, in addition to forward-looking talent acquisition, is primarily concerned with the topics of cyber-security awareness and emotional intelligence. Peter is all about establishing and developing vibrant relationships with future employees. In today's competitive professional environment, it is a fatal error to wait until a vacancy opens up before putting out feelers for the right candidates. That would be like the sales team only starting to approach customers when sales are urgently needed. Top candidates (especially in the cybersecurity field) are spoiled for choice and must be approached, enticed and ultimately won over proactively and as early as possible. Instead of "war for talents", KNOW YOUR TALENTS is the order of the day. (cyberunity - KNOW YOUR TALENTS is my slogan)
Position:
Founder & Talent Community Manager at cyberunity AG
Event will take place at

09:50-10:30