This month we consider the vital importance of robust planning and strategy when it comes to better defending against cyber threats. The devastating attack on Colonial Pipelines brings this home. Subject to only generic security plans, the industry is highly vulnerable to exploits as we witnessed last week. But now is the time to ‘turn fear into action,’ writes Massoud Amin (University of Minnesota), as he offers up two lessons that pipelines can learn from electric utilities.
In his timely spring piece, Chris Veltsos (aka Dr. InfoSec) uses lessons learned from planning and tending a successful vegetable garden to remind us of the need to strategically plan our technology gardens. From outlining your wants & needs, to appropriately planning your cybersecurity tech stack, to care & monitoring and reflecting on improvements – Chris shares how a technology garden roadmap can help organizations meet their objectives. 
In another apt comparison, Chris Buse (Old Republic Title) likens security risk assessments to the concept of love. Like that subjective emotion, risk assessment will mean something different to everyone. Absent a generally accepted definition, Chris describes where he landed in his career-long quest to better understand and manage risk – and love.
Whether as a malicious act or inadvertent actions by careless employees, the greatest threat to an organization's information system is often on the inside. In our next webinar on May 25, Rebecca Morgan (National Counterintelligence and Security Center) shares what’s at stake and what can be done to counter insider threats. Register to join the 250+ people who have signed up for this complimentary event. 
Subject Matter Expertise to Pedagogy: Metropolitan State University in conjunction with the MN Cyber Institute is seeking Industry Cyber Experts to attend a free 3 days NSA-sponsored Pedagogical Preparation workshop. The workshop will provide the necessary pedagogical background, tools, and resources to teach cybersecurity courses at the college/university level. More information and workshop dates will be announced later. Interested applicants should send an email to

Cybersecurity Internship: Metropolitan State University is seeking prospective employers to offer internship opportunities (paid or unpaid) in cybersecurity to Juniors and Seniors who are enrolled in the BS in Cybersecurity and Combined (BS + MS) program in Cybersecurity operations. The students are required to complete a minimum of 4-credits (approximately 60 hours) worth of practical work during a semester-long cyber internship. Interested organizations are welcome to send an email to
Information Security Officer
» Bio
“No plan of operations extends with certainty beyond the first encounter with the enemy’s main strength.” 
Prussian military strategist,
Field Marshall Helmuth von Moltke

I really like this quote as it embodies the importance of a sound security strategy based on threat intelligence about the enemy. From that strategy, organizations need to develop plans that assure security posture and are adaptable to the enemy’s advances.  
Cyber Security Director
TCF Bank
» Bio
Cybersecurity should be a business enabling function not the department of “no”. Businesses inherently operate with some level of risk. It is the responsibility of Cybersecurity to communicate the risk to the appropriate owners to support an educated decision that enables the business outcomes. Cybersecurity needs to understand and align with the overall business strategy to support innovation, growth, and agility of the business. The Cybersecurity Roadmap should be directly correlated and scoped to the business initiatives.
Recorded Future is the world’s largest provider of intelligence for enterprise security. By combining persistent and pervasive automated data collection and analytics with human analysis, Recorded Future delivers intelligence that is timely, accurate, and actionable. Recorded Future is trusted by over 1,000 businesses and government organizations around the world. 

What is Intelligence as it relates to cybersecurity? Visit Recorded Future to find out.
With approximately 1200 members from over 100 organizations, the Minnesota chapter of ISACA provides a gateway to a global organization offering security, risk, control, privacy, and governance certifications. Additionally, ISACA offers a Certified Information Security Manager (CISM) certificate, as well as a Cybersecurity certification program (CSX) for both students and recent grads (Fundamental) as well as those with experienced skill sets (Practitioner.) To learn more, visit the chapter website.
The 11th Annual Cyber Security Summit takes place Oct. 25-27, 2021 in Minneapolis, MN and online (hybrid event). To stay up-to-date on the Summit and trending cyber security issues, follow the Cyber Security Summit on social media and use the hashtag #cybersummitMN for the latest conversations. For details, visit us online at
Sponsorship Opportunities
Interested in sponsoring Cyber Security Summit 2021? Explore the wealth of opportunities to feature your brand at this gathering of more than 1,000 national and international leaders from across all 16 critical infrastructure sectors. To learn about available sponsorship opportunities, contact Jennifer Churchill at 763-548-1306 or
This email was sent to you because of your relationship with Cyber Security Summit. If this email was forwarded to you and you would like to be added to our email list, click here to subscribe.

©2011-2021, EventShows, LLC. All Rights Reserved.