Maturing Information Security - When Compliance doesn't cut it. - Joey Smith (ShowMeCon 2015) (Hacking Illustrated Series InfoSec Tutorial Videos)

Maturing Information Security - When Compliance doesn't cut it.
Joey Smith
ShowMeCon 2015

Joey Smith (CISSP, EnCE) joined Schnuck Markets as the Director of Information Security in January 2014 and was tasked with enhancing the Information Security program for the company. In this session he will discuss the steps companies can take to mature their information security programs beyond a typical security compliance model to one that enables the business to be successful. Smith will highlight how an information security team can be organized to focus on operations, threat and vulnerability management, and governance, risk, and compliance, and how to manage the differing objectives and focuses of these groups. He will suggest a reasonable timeline he has used as a guide for teams as they work together to build a business-aligned Information Security program. Additionally, Smith will highlight his defense-in-depth strategy and other lessons he has learned while working in the information security field.

Bio: Joey Smith is a Certified Information Systems Security Professional (CISSP) and EnCase Certified Examiner (EnCE) whose career started at a data recovery company where he recovered data from failed hard drives. He became interested in the computer forensics side of the business, and after receiving his computer forensics certification, he started managing the company's computer forensics department. As his career progressed, he began working for MasterCard Worldwide running the technology company's Incident Response program. From 2008 to early 2012, he was the primary investigator and incident manager for MasterCard's Global Computer Security Incident Response Team. In 2012, he joined the MasterCard Account Data Compromise team. In this role he was responsible for account data compromise (ADC) fraud investigations and worked closely with merchants, issuers, acquirers and other card brands to issue fraud alerts and respond to global ADC events. He was part of the Payment Card Industry Security Standards Council (PCI SSC) responsible for reviewing the work of various PCI forensic investigation companies to ensure the work being performed met the quality standards of the PCI Data Security Standard. He joined Schnuck Markets in January 2014 as the Director of Information Security and is responsible for enhancing and maintaining a successful security program for the company. Additionally, his experience in information security, investigations and payment card fraud has afforded him the opportunity to be a speaker at various security conferences and industry meetings, including the Guidance Software Computer and Enterprise Investigations Conference (CEIC), SecureWorld Conference, Gateway Electronic Crimes Task Force (ECTF) meetings, and InfraGard meetings. Additionally, in 2014 Smith was an honored recipient of the Southeast Missouri State University Young Alumni Merit Award.
His goals are to continue to develop his career as a security leader and be an influencer of change and awareness across the security industry.


Copyright 2016, IronGeek