During the 12+ years of Information Security experience, he built expertise on Multiple Security Technologies and conducted Vulnerability Assessments, Penetration testing, Compliance Audits, Enterprise Risk Management and designed Policies & Procedures. Mr. George’s professional certifications include CISM, CISSP, BS7799LA and ITIL-F. Mr. George has been a consultant to 5 Telcos in the Middle East on the design & implementation of their security solutions. He was involved in architecting security solutions and delivering professional services for Ministries, Banks, Airlines and Oil companies within GCC. He was the Project Manager for the BS7799-2:2002 certification of a Research organization in UAE, a major B2B portal in UAE and the IT department of a Group of Companies in UAE dealing with Automotive, Contracting, Manufacturing, Trading and Real Estate industries. He is also an international speaker and has spoken on various topics like ‘Web Application Security’ at the Muscat International Security Conference, ‘Making a case for IPS’ at the Technology Senate Pattaya, ‘ISO27001 and NIPS’ at ISACA UAE, ‘Information Security Policy Lifecycle’ at the Oil Companies conference, ‘BS7799 – A Case study’ at the BSi seminar etc.
Speech Topic & Synopses
The concern over network and application security long ago moved out of the exclusive realm of IT and became something that every corporate manager and executive is focused on. While the IT organization retains the primary responsibility for warding off intrusions and extrusions, the impact of any attack is felt throughout an organization today – both in the direct costs of repairing the damage, and in the indirect costs which are incurred when corporate resources are “down” and core business goals simply can’t be forwarded. 2012 was a year of targeted attacks. Organizations that follow the industry best practices in terms of Security Architecture and Security Technologies are getting compromised by targeted attacks. This leads to certain questions – Are today’s Security Technology investments and Security Architecture frameworks apt enough in protecting against the new wave of attacks? Are the concepts of ‘Defense in Depth’ and ‘Layered Security’ still valid? Is there a ‘Next Generation’ silver bullet that can solve all the unknown attacks? ‘Managing Risk through Visibility’ is about analyzing the Security Technology investments and adding two new dimensions called ‘Proactive Risk Management’ and ‘Visibility’. Speaker delves into details of the importance of Proactive Security and visibility into IT operations from the perspective of Targeted and Zero-Day type of attacks.