February 2018 ISSA Web Conference

ISSA International Series: Privacy vs. Security

Recorded (1 Hour Event) on Wednesday, February 14, 2018

Click here to view the recording.
Click here for the presentation.

CPE quiz available soon.


We are all concerned about Privacy. Every day we hear about multiple PII breach announcements. Our current solution: let's create laws to require announcements and levy fines to encourage proper activities and protections. With GDPR looming on the horizon, as the most recent and perhaps the most comprehensive regulation yet, we find ourselves wondering if others will adopt similar regulations. If so, do we as security professionals need to be concerned about our ability to perform forensic analysis, and gather information outside of our realm of direct influence to identify a hacker? Do elements of GDPR create a situation in which hunting for a hacker might violate their privacy rights? In the end, will companies still be able to monitor and protect their assets as they do today, or will it require a change? This webinar will provide insight into the Privacy vs. Security debate.


Pete Lindstrom, IDC


Pete Lindstrom is Research Vice President for Security Strategies. His research is focused on digital security measurement and metrics, digital security economics, and digital security at scale. Mr. Lindstrom is responsible for driving the vision of enabling digital transformation through proper technology risk management that makes efficient and effective economic decisions supported by evidence and outcome analysis, leading to a security model that aligns with the 3rd Platform.

Prior to joining IDC in 2014, Mr. Lindstrom accumulated 25 years of industry experience as an IT auditor, IT security practitioner, and industry analyst. He has extensive and broad expertise with a variety of information security products, but is best known as an authority on cybersecurity economics issues, such as strategic security metrics, estimating risk and return, and measuring security programs. He has also focused on applying core risk management principles to new technologies, architectures, and systems, focusing on the use of virtualization, cloud security, and big data. He has developed the "Four Disciplines of Security Management" (a security operations model), and the "5 Immutable Laws of Virtualization Security," which was integrated into guidance from the PCI Council.

Mr. Lindstrom is a frequent contributor to popular business and trade publications. He is often quoted in USA Today, WSJ Online, Information Security Magazine, VAR Business, and CSO Magazine. His columns and articles have appeared in Information Security Magazine, ISSA Journal, and CSO Online. Additionally, Mr. Lindstrom is a popular speaker at the RSA Security Conference, InfoSec World, ISSA International Conference, and many regional conferences.

In addition to his extensive industry experience, Mr. Lindstrom served as an officer in the U.S. Marine Corps and received a bachelor's degree in Business Administration (Finance) from the University of Notre Dame.



Brad Keller, Prevalent

Brad is the Sr. Director of 3rd Party Strategy at Prevalent, Inc. where he focuses on the delivery of Prevalent’s third party risk management and assessment solutions. That focus includes assisting clients with the evaluation and enhancement of their 3rd party risk programs as well as ways to fully leverage their investment in Prevalent 3rd party products and managed services.

Prior to joining Prevalent, he was a Senior Vice President with The Santa Fe Group focusing on the management of the Shared Assessments Program. At Shared Assessments he led the development of Shared Assessments tools, training, and the Certified Third Party Risk Professional (CTPRP) program. During his years in Banking, Brad was responsible for risk management, privacy, and regulatory compliance, including third party oversight. He was instrumental in the development and management of: business risk self-assessment and third party assessment programs; FFIEC-compliant authentication programs; and led key initiatives in anti-phishing and brand protection programs for the banks.


Brad also served as an online privacy and compliance officer where in addition to online risk, he was responsible for online privacy and compliance across the enterprise. These responsibilities included: the implementation and management of the policies and processes for ensuring that third party contracts contained all appropriate and necessary privacy and security provisions, and the ongoing review and approval of all technology and security related vendor contracts. He was also responsible for online authentication and identity theft initiatives, led the development of commercial eCommerce strategy, implemented key retail eCommerce, and served as a member of the Corporate Risk Governance Committee.


Brad’s extensive financial service experience includes managing regulatory examinations by the Federal Reserve, Securities and Exchange Commission, Federal Home Loan Bank Board, and the New York Stock Exchange; serving as a commercial loan and workout officer for a national bank; leading vendor management, anti-phishing and fraud initiatives for BITS; and, managing failed thrifts for the Federal Home Loan Bank Board. In his law practice, Brad spent more than 10 years in banking, commercial contract, bankruptcy, white-collar crime, and commercial litigation.


Brad is a Certified Third Party Risk Professional (CTPRP) and serves as part of the CTPRP faculty. He is an active member of several Shared Assessments Working groups and serves as the Chair of the Vendor Risk Management Maturity Model Group.
Brad graduated with honors from the University of Missouri with a in Finance and received his J.D. with honors from St. Louis University School of Law. He is admitted to practice law in Oklahoma.


Mathieu Gorge, Vigitrust

Mathieu Gorge is an established authority on IT security, risk management, and compliance with more than 15 years’ experience in Europe, Australia, and the United States. Mathieu is a PCI DSS (Payment Card Industry-Data Security Standard) and data expert. Mathieu is also President of the France Ireland Chamber of Commerce in Dublin, Ireland. In 2014, he was appointed French Trade Foreign Advisor by the French government (Conseiller du Commerce Extérieur de la France). Mathieu is in high demand as a speaker at global security conferences, such as RSA, ISSA, ENISA & ISACA. He also works closely with the PCI Council in the United States and European Union.


Randy Sabett, Cooley, LLP

Randy V. Sabett, J.D., CISSP, Attorney with Cooley LLP, began his career as a crypto engineer at the NSA and has spent over 20 years at the intersection of legal, technical, and policy aspects of cybersecurity and privacy. Mr. Sabett served on the Commission on Cybersecurity for the 44th Presidency and ISSA NOVA board, is a member of the Boards of Directors for the Georgetown Cybersecurity Law Institute and MissionLink, and has appeared on or been quoted in a variety of national media sources.


James Jaeger, Arete Advisors

Jim is the Chief Cyber Strategist for Arete Advisors. He has over thirty years of technical and leadership experience in both the federal government and industry. He has led incident response and forensic investigations into some of the largest cyber breaches to impact the US. Jim also has significant experience with cyber security gained during his tenure with the US Air Force and the National Security Agency. Jim established and led General Dynamics’ government and commercial cyber defense and forensics business practice, where he personally directed investigations into some of the largest and most complex network intrusions in history. Jim retired from the Air Force as a Brigadier General in 1997.

Copyright © 2016, Information Systems Security Association, All Rights Reserved