The monthly meeting of the Security Practitioners' Forum (Security Users' Group)

Topic: Enterprise Risk Management

Introduction, big-picture, and notes from experience.

Presenter: Harry Contreras

Enterprise Risk Management is a rapidly maturing field fraught with misunderstandings. Harry provides a primer on what ERM is and is not, discusses the drivers and expectations of ERM, reviews industry research and Good Practices, and provides the lessons & anecdotes of a seasoned practitioner.

About the Speaker:
Harry Contreras is presently an IT Security Manager with a Fortune 500 enterprise. With over twenty (20) cumulative years in information security experience his present range of responsibilities includes industry benchmarking for security products and services, understanding security trends in delivering security policy and standards. Implementing security strategy through research and development of security solutions that meets enterprise needs to mitigate risks identified through Risk and Threat forecasting. Presently, working with company business IT leadership and identifying opportunities to synergize information security strategy with new business initiatives.

Prior work experience at an international aerospace company he served as Lead Security Systems Analyst and Security Strategist for their Global Security Services. Over the course of 12 years he was responsible for providing analytical consultation services in information technology and security services. Harry provided security policy management, strategies and developed standards, procedures and position statements with subject matter expertise in wireless, encryption, PKI and smart card technologies. Additional information security experience through work engagements with several global IT services companies.

Harry has a Bachelor’s of Science degree in Information Systems from the University of Phoenix and maintains a Certified Information Systems Security Professional (CSSP) certificate. He is accredited with a Green Belt in Six Sigma methodologies. Selected to serve on the advisory board for the internet publication; SearchFinancialSecurity.com.

The Arizona Security Practitioner's Forum is an organic group for InfoSEC Professionals.

Generally, our purpose is:

• To facilitate knowledge transfer, networking and growth within the InfoSEC community.
• To provide a forum for IT professionals to grow InfoSEC awareness and competencies.