2020 National Cyber Summit

Summit Speaker Shirley Zhao

Session Information

Business Driven Security to Enable Technology Adoption - from Cloud to Internet of Things (IoT)
Thursday, June 6, 2019 2:15 p.m. - 3:00 p.m.
Cyber attacks have become a norm, not as a result of lacking security solutions but often times an organizational failure in managing security as part of their business.

Tackling with regulations and compliance requirements has created a cyber security community to certain extent compliance driven, with much of the workforce dedicated to filling out paper and checking off control lists. Compliance driven not only does not effectively elevate an organization's security posture, but also tends to become obstacles of technology implementation.

Security and Business are not conflict of each other. Taking "Cloud First" policy, FedRAMP framework and the cloud adoption in the public sector as an example, this presentation advocates and illustrates various ways for organizations to become more business driven in managing security and "risks" at levels from policy, strategy, to implementation so to best utilize the benefits of technology innovation. This is especially important when technology advancement such as IoT is poised to bring tremendous business transformation but with a dauntingly more complex attack surface and dynamic changing threat landscape.
Von Braun Center - South Hall | Ballroom 2
Shirley Zhao photo
Shirley Zhao
Principal Program Manager, Product Security Governance
Blackberry
Shirley Zhao is the Principal Program Manager of Product Security Governance at Blackberry. She is responsible for the program that strengthens the security across BlackBerry's software products.

Before joining Blackberry, she consulted at government agencies and commercial organizations, providing enterprise wide cloud computing and cyber security advisory service. Her clients included DoD, USDA, HHS, NIH, State, Navy, Amtrak, etc.. A known industry and cyber security expert, Shirley has developed strategies, policies, processes and roadmaps that have organization-wide impact as well as worked directly with technical and functional stakeholders to carry out mission critical initiatives.

Shirley is a strong advocate for business driven approach to enterprise IT and cyber security. She is a featured panelist of the Cloud Security Panel at the NIST 2018 Cybersecurity Risk Management Conference. She recently gave speech on Enterprise IoT Security at the ISACA 50-year anniversary North America CACS Conference.