Every IT organization accessing sensitive data, regardless of their size, must protect that data. Otherwise, your company is exposed to unacceptable risk. However, since cyber attacks on small and medium size businesses (SMB’s) rarely make headlines, it is easy for these IT organizations to develop a false sense of security. Information security is becoming increasingly challenging as both IT complexity and the threat landscape are evolving at an accelerated pace. During this presentation, I will share my methodology, including key, actionable recommendations to help you meet the challenge and manage your IT risk.

Bio: Experience on in-house IT teams, independent consulting and as a software vendor, Anthony Czarnik has developed a 360 degree perspective of Information Technology and Security. His professional roles include solutions architect, application developer, project manager, information security practice leader, partner manager, presenter, author, educator and most recently, CEO. Mr. Czarnik has attained extensive information security and risk knowledge. His experience spans GRC, including risk assessments, security audits, standards, frameworks and regulatory compliance, and security awareness, plus technical security controls, security architecture and products. Anthony managed an Information Security Practice for five years before founding CzarTek. In addition to his responsibilities for all aspects of the business and leading the practice, he provides virtual Chief Information Security Officer (vCISO) services. At DePaul University, Anthony graduated with honors in Computer Science, followed by a master’s degree in Information Systems. He later achieved CISSP certification. Other accomplishments include Dale Carnegie’s Presenter Champion award in addition to his application security white paper published internationally in Hackin9.

Back to BSides Las Vegas 2014 video list