
The NYS Forum
Project Management and Information Security Workgroups Present:

Is Your Project Vulnerable? Reducing Security Risks with SSDLC

May 4, 2015
2:30 - 4:00 pm
(2:00 pm Check-In)
Albany Marriott
189 Wolf Road Albany, NY 12205


Also available via Webinar

Presentation Overview

In days past, before the arrival of persistent cyber criminals and insider threats, information security was often an optional afterthought. Well, no more!

Security is now an obligation that the builders of modern-day information systems owe to the owners of the systems they serve. Security requirements must be identified early and addressed as part of the System Development Lifecycle (SDLC). As with any other business requirement, the further into the project you are, the more costly and time-consuming security requirements are to address. Failure to fully define security requirements can have major repercussions for the success of a project and can result in project delivery delays, deployment of an inadequate or insecure system, and even the abandonment of the project. The lack of appropriate controls can result in inadequate security, potentially putting New York State entities at risk of data breaches, reputational exposure, loss of public trust, compromise to systems and networks, financial penalties and legal liability.

Don't let this be the fate of your project. Come and join in a panel discussion on how New York State and private industry are combating and mitigating these risks, and are building in security from the beginning with a Secure System Development Lifecycle (SSDLC).

Presenters and Panellists:

Deborah Snyder, NYS Office of Information Technology Services (OITS)

Deborah, Deputy Chief Information Security Officer (CISO) for OITS, directs the Enterprise Information Security Office's comprehensive governance, risk management and compliance program. She is responsible for providing strategic leadership and vision, and assuring business-aligned, risk-based investments to maximize business opportunity and minimize risk. Deborah has extensive experience in government program administration, information technology and cyber security policy. She is a recognized industry thought-leader and active contributor to the security profession. She has published numerous articles and co-authored the book entitled, SECURE - Insights from the People Who Keep Information Safe, and has been recognized for excellence in government services and outstanding contributions to the field of cyber security.

Scott Rogler, NYS Engineering for the NYS Enterprise Information Security Office (EISO)

Scott, the Co-Manager of Secure Architecture and Engineering for the NYS EISO, a position he has held since January 2013, is responsible for providing technology risk management and enterprise level technical expertise, concentrating on secure systems and engineering. Additionally, he provides technical security guidance for the development and practice of the NYS secure systems development life cycle (SSDLC). He provides guidance for NYS agencies and business partners on how to best incorporate critical security controls into their systems and applications. Scott works collaboratively with other members of the EISO and subject matter experts to develop and redefine policies and standards to support the NYS OITS transformation. Scott has over 25 years of experience in information technology in both the public and private sectors. Prior to working for NYS, Scott was Chief Technology Officer at Albany College of Pharmacy and the Director of Technology for a multi-national professional services consulting company.

Russell Kiernan, QED National

Russell manages the Management Consulting and Information Security Services practices at QED National. Prior to working at QED National, Russell worked in the Financial Services industry where, as Chief Controls Officer for global Architecture, Engineering, and Technology Operations organizations, he was responsible for the effectiveness of the overall control environment. Russell's work includes the definition/implementation of policies, standards, processes, ongoing assessment of compliance and risk, risk reporting, as well as oversight of risk treatment and related corrective actions. This work resulted in 100% satisfactory audits and federal regulatory inspections for global auditable entities while significantly reducing the overall cost of control. Russell's professional experience also includes management of Information Security, PMOs, Projects, Enterprise Architecture, Application Development, and Financials/Budgets.

Nancy Mulholland, NYS Office of Information Technology Services (OITS)

Nancy, the CIO of the OITS Finance, Regulation and Gaming Cluster, is a seasoned IT Executive whose career consists of over 35 years of IT experience, 20 years of which involved large-scale project management applied in a myriad of complex business and technical environments. She is a dynamic, results-oriented, change leader, who specializes in quantifiable results and demonstrates a unique ability to successfully combine business acumen, technical skills and relationship skills to forge strong partnerships with senior executives enabling superior performance.

Sara Holmberg, NYS Office of Information Technology Services (OITS)

Sara, who has worked for New York State for over 16 years, served as the Director of the Project Management Office at the Workers Compensation Board (WCB) and is presently the Director of the Governance, Portfolio, & Strategy Office under the OITS Chief Portfolio Office. In her role at WCB she was responsible for providing project management services for high-priority and high-profile projects; managing the project portfolio and governance process; providing project management standards and guidelines; and providing project and portfolio quality assurance metrics. In her present role she is working with the cluster PMOs to mature governance and portfolio management processes. Sara is a certified Project Management Professional (PMP).

Presentation