Biography
John P. Pironti is the President of IP Architects, LLC. He has designed and implemented enterprise-wide electronic business solutions, information security and risk management strategy and programs, enterprise resiliency capabilities, and threat and vulnerability management solutions for key customers in a range of industries, including financial services, insurance, energy, government, hospitality, aerospace, healthcare, pharmaceuticals, media and entertainment, and information technology on a global scale. Mr. Pironti has a number of industry certifications, including Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information System Control (CRISC), Information Systems Security Architecture Professional (ISSAP) and Information Systems Security Management Professional (ISSMP). Mr. Pironti frequently provides briefings and acts as a trusted advisor to senior leaders of numerous organizations on information security, risk management and compliance topics, and is also a member of a number of technical advisory boards for technology and services firms. He is also a published author and writer, highly quoted and often interviewed by global media, and an award-winning frequent speaker on electronic business and information security and risk management topics at domestic and international industry conferences.
Industry Expertise (10)
Computer/Network Security
Outsourcing/Offshoring
Banking
Internet
IT Services/Consulting
Information Technology and Services
Computer Hardware
Telecommunications
Computer Networking
Security
Areas of Expertise (7)
IT Governance
Information Risk Management and Security
Cyber Security
IT Audit
IT Compliance
IT Risk Management
Enterprise Risk Management
Accomplishments (1)
John Kuyers Speaking Award (professional)
Award for being top speaker globally for ISACA.
Education (2)
Rochester Institute of Technology: Bachelor of Science, Imaging Systems Management 1996
Affiliations (1)
- CGEIT, CISA, CISM, CISSP, CRISC, ISSAP, ISSMP
Sample Talks (3)
The Future of Information Security - What's Next?
Information risk management and security has evolved from a technical specialty into a core and essential business function. The people, processes, procedures, and technologies that are utilized to protect information infrastructure and data are changing and evolving at a rapid pace. So too have the capabilities of the adversaries from whom we need to protect ourselves. The fast-paced introduction of new concepts and technologies such as mobility, virtualization, cloud computing, and social networking has dramatically advanced and changed the way we do business as well as the footprint for our critical data assets. They have also expanded the threat landscape that needs to be understood and approached proactively by organizations to ensure they are able to identify and appreciate the threats and vulnerabilities that exist in their ecosystems and how to integrate this information into their risk management activities. This session will discuss how adversaries and the threats they pose are evolving, as well as the emerging trends and industry-leading practices in information risk management and security that are being used to proactively protect information infrastructure and data assets from them. The areas that will be discussed in this session include current and evolving industry-leading practices and concepts, including governance and organizational models and concepts, threat and vulnerability management capabilities, and advances in both attack and protective methods, practices, and technologies.
Threat and Vulnerability Analysis
In order to create an appropriate security solution for an organization, you must first understand the problem that you are trying to solve with the solution. Threat and Vulnerability Analysis techniques utilize methodologies which attempt to quantify the capabilities and willingness of an adversary to attack a solution as well as the inherent weaknesses which exist within the solution. Once you understand these concepts, you can then create appropriate countermeasures and risk management techniques which can turn potentially devastating attacks into operational anomalies. This presentation will discuss some of the key considerations which need to be addressed during a threat and vulnerability analysis activity and the best practices which are associated with this type of activity.
Developing Metrics and Measures for Effective Information Security Governance
Information security has become a critical issue within organizations, and a key success factor for businesses. In order to effectively maintain the integrity and security of an organization’s information infrastructure, effective security metrics and measures must be developed, implemented, and monitored. This presentation will discuss the concept of enterprise security metrics and measures and the concepts and topics that must be considered when developing, implementing, and monitoring them. These topics will include the identification of measurable points and activities, the development of meaningful metrics and measures, monitoring concepts, and reporting strategies. Case studies and scenarios will also be used throughout the presentation to demonstrate the benefits and challenges of this concept in operation.
Availability
- Keynote
- Moderator
- Panelist
- Workshop Leader
- Host/MC
- Author Appearance