Damon J. Small, Technical Director

Damon Small began his career studying music at Louisiana State University. Pursuing the changing job market, he took advantage of computer skills learned in the LSU recording studio to become a systems administrator in the mid-1990s. Over the past 18 years as a security professional he has supported infosec initiatives in the healthcare, defense, aerospace, and oil and gas industries. In addition to his Bachelor of Arts in Music, Small completed the Master of Science in Information Assurance degree from Norwich University in 2005. His role as Technical Director includes working closely with NCC Group consultants and clients in delivering complex security assessments that meet varied business requirements.
What Infosec in Oil & Gas can Teach us About Infosec in Healthcare
One advantage of working for a consultancy is the constant exposure to a variety of organizations in a variety of industries. This has given the speaker, Damon J. Small, an appreciation for the importance of not only understanding the challenges faced by clients in protecting their information assets, but also understanding those challenges in the context of the business in which they exist. It is never enough to simply tell a client, “I hacked all your things, now go fix it.” Rather, the successful consultant must also help the client understand the ramifications of each finding and how to prioritize mitigation efforts given that neither time nor money is infinite. To illustrate these points, the speaker will present several information security-related problems that have been successfully taken on by oil and gas clients. The speaker has learned that these problems are very similar to specific challenges faced by healthcare organizations, despite the fact that those industries are very different from one another. The healthcare industry faces fiscal hurdles that energy companies generally do not, which makes it difficult for them to adapt as quickly. The speaker hopes that his analysis will help the audience learn from the experiences of other organizations in a way that will allow them to strategically align information security goals with current cyber threats more efficiently.