2019 National Cyber Summit

Summit Speaker Shirley Zhao

Session Information

Security: From Compliance Driven to Business Driven
Thursday, June 6, 2019 2:15 p.m. - 3:00 p.m.
Security and Business are not conflict of each other. This presentation advocates for organizations to become business driven in managing security at all levels, from policy, strategy, building infrastructure security, security operation to implementing business IT system.

Tackling with a landscape of regulations and compliance requirements has created a cyber security community to certain extent compliance driven, with much of the workforce dedicated to filling out paper and checking off control lists. Even though risk-based security management as an approach has gained ground and is considered more efficient and effective, many organizations find it challenging to truly take a risk-based approach at their organizations. Becoming business driven, understanding business goals, and working with business stakeholders to help them achieve their goals are essential for taking on a risk-based approach. This presentation will illustrate cases in which an organization can become more business driven, including enacting security policy that enable business stakeholders to take risk-based approach at line of business level, develop expedited paths toward meeting compliance requirements, be strategic in building infrastructure security as foundation, be engaged and supportive in business IT system acquisition and implementation.
Shirley Zhao photo
Shirley Zhao
Principal Program Manager, Product Security Compliance and Governance
Shirley Zhao is the Principal Product Security Compliance and Governance Program Manager at Blackberry. Working with the world-renowned security operation team that collaborates across the industry, monitors the threat landscape and responds rapidly to emerging incidents, Shirley is responsible for developing and strengthening Blackberry’s IoT and EoT product security compliance and governance program.

Shirley has practiced in a variety of IT domains, including software engineering, system integration, cloud infrastructure and cybersecurity governance. Before joining Blackberry, she consulted at government agencies and commercial organizations, providing enterprise wide cloud computing and cyber security advisory service. Her clients included DoD, USDA, HHS, etc. She developed strategies, policies, processes and roadmaps that have organization-wide impact as well as worked directly with technical and functional stakeholders to carry out mission critical initiatives.

Through governance models and frameworks, Shirley advocates for holistic, business driven and collaborative approach in addressing enterprise IT and cyber security challenges.

Meet Our NCS 2019 Speakers

Jocquette Blue Photo Jocquette Blue Senior Cybersecurity Analyst H2L Solutions
Paige Boshell Photo Paige Boshell Managing Member Privacy Counsel LLC
Wayne Burke Photo Wayne Burke Vice President and Co-Founder Cyber2 Labs, LLC
Paul Coggin Photo Paul Coggin Cyber Security Research Scientist Financial Institution
Brian Contos Photo Brian Contos CISO Verodin
Randall Cottrell Photo Randall Cottrell Chief Executive Officer Bluejireh Incorporated
Joshua Crumbaugh Photo Joshua Crumbaugh Chief Hacker/Chief Operating Officer PeopleSec® LLC
Ben Curry Photo Ben Curry Chief Architect, Managing Partner Summit 7 Systems
Robert Decicco Photo Robert Decicco MD Digital Intelligence
Byron DeLoach Photo Byron DeLoach Director of Adaptive Services Cybriant
Nicholas Downer Photo Nicholas Downer Systems Security Engineer/Instructor Millennium
Major Bradley Eames Photo Major Bradley Eames 47CTS OL-A Deputy Commander 47 Cyberspace Test Squadron
Rita Edwards Photo Rita Edwards Featured Cyber Security Instructor CyberProtex
Mr. Scott Edwards Photo Mr. Scott Edwards President Summit 7 Systems
Shawn Edwards Photo Shawn Edwards Cyber Adversarial Engineer The MITRE Corporation
Irene Garcia-Goan Photo Irene Garcia-Goan Sr. Cybersecurity Analyst H2L Solutions
Travis Green Photo Travis Green
Jonathan Hard Photo Jonathan Hard Chief Operating Office and President H2L Solutions
Matt Henson Photo Matt Henson CEO Trade Collaboration Engine
Sean Hopkins Photo Sean Hopkins Red Team Security Engineer Millennium Corporation
Dr. DJ Hovermale Photo Dr. DJ Hovermale Senior Cyber Operations Training Analyst, Principal SAIC
Dr. Michaela Iorga Photo Dr. Michaela Iorga Senior Security Technical Lead NIST
Ray Kelly Photo Ray Kelly Security Architect Micro Focus
Ben McGee Photo Ben McGee CyberProtex Featured Cyber Security Instructor
Dr. Wesley McGrew Photo Dr. Wesley McGrew Director of Cyber Operations HORNE Cyber
Charlene Mowery CISM, PE Photo Charlene Mowery CISM, PE Vice President of Global Business and Marketing, Cybersecurity SME Ultra Electronics, 3eTI
Ms. Sonia Mundra Photo Ms. Sonia Mundra President Chenega Analytic Business Solutions, LLC (CABS)
Michael Portera Photo Michael Portera Red Team Security Engineer Millennium Corporation
Jonathan Risto Photo Jonathan Risto
Robert Rounsavall Photo Robert Rounsavall Co Founder Trapezoid, Inc.
Kell Rozman Photo Kell Rozman Security Software Engineering Senior Manager Toyota Motor North America
Antonio (Tony) Rucci Photo Antonio (Tony) Rucci Director, InfoSec & Threat Intelligence GRIDSMART Technologies
Greg Schaffer Photo Greg Schaffer Principal vCISO Services, LLC
Jake Schneider Photo Jake Schneider Director of Cyber Technologies GaN Corporation
Winn Schwartau Photo Winn Schwartau Chief Visionary Officer Winn Schwartau LLC
Jeffrey Shapiro Photo Jeffrey Shapiro Senior Cyber Operations Training Analyst, Principal SAIC
Dr. Joshua Stroschein Photo Dr. Joshua Stroschein Training and Academic Outreach Open Information Security Foundation
Trevor Vaughan Photo Trevor Vaughan Vice President Engineering Onyx Point, Inc.
Dr. Brad Wardman Photo Dr. Brad Wardman Head of Threat Intelligence PayPal
Mark Whigham Photo Mark Whigham Instructor Calhoun Community College
Mr. Wes Widner III Photo Mr. Wes Widner III Senior Cloud Engineer CrowdStrike
Shirley Zhao Photo Shirley Zhao Principal Program Manager, Product Security Compliance and Governance Blackberry

View AgendaView Speaker Listing

Attend NCS 2019 to meet and hear speakers like this!

Register Now