You have been temporarily restricted. Please be more thoughtful when adding content for your portfolio. Your portfolio and digital media kit and should be reflective of the professional image you wish to convey. Accounts may be temporarily restricted if we receive reports of spamming or if the system detects excessive entries.
Membership
Publish your original ideas on the Thinkers360 platform!
This feature is available for Pro and Pro-Plus Members Only.
Speaker Bureau functionality whereby individuals can be featured speakers within our Speaker Bureau service and enterprises can find and work with speakers.
This feature is available for Pro, Pro-Plus, Premium and Enterprise Members Only.
Highlight your featured products and services within our company directory for enhanced visibility to active B2B buyers worldwide. This feature is available for Pro, Pro Plus, Premium and Enterprise Members Only.
Contribute to the Thinkers360 Member Blog and have your thought leadership featured on our web site, newsletter and social channels. Reach our opt-in B2B thought leader community and influencer marketplace with over 100M followers on social media combined!
You’ve reached your daily limit for entering quotes. Please only add personally-authored content which is reflective of your digital media kit and thought leadership portfolio.
Thinkers360 Content Library
For full access to the Thinkers360 content library, please join ourContent Planor become a contributor by posting your own personally-authored content into the system viaAdd PublicationorImport Publication.
Dashboard
Unlock your personalized dashboard including metrics for your member blogs and press releases as well as all the features and benefits of our member plans!
Interested in getting your own thought leader profile? Get Started Today.
Alyssa Miller
Chief Information Security Officer (CISO) at Epiq Global
Milwaukee, WI, United States
Alyssa Miller is a hacker/researcher, security advocate, and security leader. With over two decades of experience in IT, first as a programmer and then as a penetration tester and security consultant, Alyssa has earned a reputation for being able to credibly operate on both sides of the fence between technical experts and high-level business executives.
A naturally curious lover of technology, Alyssa has always had a passion for deconstructing technology to learn how it functions and improve upon it. Computers, in particular, have fascinated her since she was in pre-school when her father would bring home a computer from work. At the age of 12 she saved up enough money to buy her first computer on which she taught herself BASIC programming, operating systems and even asynchronous communications protocols. Still it wasn’t until after three semesters of pre-med studies at Marquette University that Alyssa finally found her career calling and switched to the Computer Science program.
Alyssa’s professional track record includes heading the enterprise security testing and vulnerability management program for a Fortune 500 Financial Technologies firm, leading the application security program practice for highly respected boutique consulting firm, and her current role as SVP and CISO for Epiq Global.
Alyssa speaks internationally at industry, vendor, and leadership conferences on topics ranging from technical security vulnerabilities, to high-level security program strategies, to issues within the security community itself. She is a member of the board for Epiphany Solutions Group and engages with the community through her blogs, video content, podcast appearances, and social media presence.
Available For: Authoring, Consulting, Influencing, Speaking Travels From: Milwaukee, WI Speaking Topics: Application Security, Cyber Security Strategy, Emerging threats and trends
Alyssa Miller
Points
Academic
0
Author
215
Influencer
877
Speaker
135
Entrepreneur
60
Total
1287
Points based upon Thinkers360 patent-pending algorithm.
Tags: Big Data, Cybersecurity, Emerging Technology
38 Article/Blogs
I’m here and I’m human
LinkedIn
March 31, 2022
Hi, here I am. I am Alyssa. I am a 44-year old woman and a parent of three wonderful children. I am an executive leader at one of the oldest and best-known financial firms on Wall Street. I am a public speaker who travels internationally to share my work at large conferences with 10’s of thousands of people a year. I am an author, my first book is currently in production and will be in print soon. I am a soccer referee, and I officiate some of the highest levels of competition in the Big1G. I am currently enrolled in flight school and planning to get my Private Pilot Certificate. I am also transgender.
Cyber Defenders' Career Guide
Manning Publications
January 25, 2022
Cyber Defenders' Career Guide unlocks your pathway to becoming a great security practitioner.
Kickstart a career in cyber security by learning how to adapt your existing technical and non-technical skills with Cyber Defenders' Career Guide.
Cyber Defenders' Career Guide unlocks your pathway to becoming a great security practitioner. You’ll learn how to reliably enter the security field and quickly grow into your new career, following clear, practical advice that’s based on research and interviews with hundreds of hiring managers. Author Alyssa Miller has spent over a decade in cyber security leadership and talent development, and she shares her unique perspective in this revealing industry guide.
Purchase of the print book includes a free eBook in PDF, Kindle, and ePub formats from Manning Publications.
When words mean more than intentions
LinkedIn
December 23, 2021
A recent series of Tweets turned into a chance to highlight the real issues of unconscious and unintended bias. Maybe you saw me and others calling out a well-known person in the network engineering space for tweets that came across to many as misogynistic or sexist. After calling him out publicly multiple times, I did also reach out to him directly. We spoke, had nearly an hour long conversation, and I believe we both learned quite a bit and gained some necessary perspective from each other. I’m hoping to double-down on that learning and understanding to share some thoughts here that others can hopefully take to heart as well.
Security IS a Business Function
Import from wordpress feed
October 15, 2021
We as security leaders have to start thinking differently. We cannot continue to silo ourselves from the business and then preach about how we’re going to enable the business.
The post Security IS a Business Function appeared first on Alyssa Miller.
Security IS a Business Function
Alyssa Miller
October 01, 2021
I hear and see a growing number of security leaders and executives talking about the job of security to “enable the business”. This is a promising sign that we’re getting better in security spaces about recognizing our true role and demonstrating our value to the organization. However, what I’ve also discovered is that when I ask probing questions of these leaders, many of them do not understand *how* security enables the business. They struggle to articulate just what it is about security that drives business success. I believe this is because we still look at security as separate from the business and that we need to approach security as a business function.
Plagiarism at EC-Council, an Open Response
Alyssa Miller
June 28, 2021
Cases of plagiarism by cyber security certification company EC-Council have been documented for over a decade. As I wrote previously, I personally was one of many victims of this behavior recently. On June 27, 2021, I was contacted by email by the CEO of EC-Council, Jay Bavisi, to inform me that they had released a statement regarding the issue.
Ethics in Cybersecurity Marketing – Principles of Value Contribution
Alyssa Miller
June 23, 2021
Ethics in Cybersecurity Marketing is a topic of hot debate among many security practitioners. Cybersecurity vendors are often criticized for how the marketing campaigns they deploy, the promises they make and the practices they use to reach members of the community.
So You Think You’re Inclusive?
LinkedIn
April 28, 2021
With all the attention transgender people are receiving as result of a flurry of anti-trans legislation in the past month, many organizations are looking to ensure the inclusive to all. Many will look to the Human Rights Campaign’s (HRC’s) Corporate Equality Index (CEI) as a measure of how well they are doing. While the HRC has added a number of key metrics to measure transgender inclusivity specifically, there are many issues not covered that could be driving your employees to leave or candidates to avoid employment with your organization. Even with the recent US Supreme Court decision in 2020 that discrimination against transgender people falls under sex-based discrimination prohibitions in Title VII of the Civil Rights Act, many exclusionary facets that don’t reach the legal bar for discrimination still exist in workplaces. I’d like to highlight some key areas that often are missed by organizations when they look to build a more inclusive environment.
Hacking is not a crime – and the media should stop using 'hacker' as a pejorative
The Register
March 03, 2021
Hey #infosecurity community, I need your votes. I was invited by The Register to contribute an article to their debate series. This week we're debating the use of "hacker" as a pejorative. My argument FOR the proposal that the media should stop using hacker to describe cybercriminals was posted today.
Their rebuttal argument will be published on Friday, so I need your votes FOR this argument. We've all seen the horribly cliched imagery and inaccurate descriptions of cyber criminals as hackers. Here's a chance to speak out against that poor terminology. Please also re-share for reach!!
What is a Business Information Security Officer (BISO)?
Alyssa Miller
December 23, 2020
A Business Information Security Officer (BISO) is a senior security leader assigned to lead the security strategy of a division or business unit. They provide a bridge from the centralized security function to the business. The BISO functions like a deputy CISO reporting into the business line.
Tags: Cybersecurity, Leadership, Business Strategy
Cheatsheet: top 10 application security acronyms
Snyk
December 01, 2020
Picture this situation: you as a developer are in a meeting where a security practitioner is discussing the results of a recent penetration test or static analysis of code you’ve written.
Throughout the discussion, they use various acronyms that they just assume you know the meaning of, yet in reality, they are not terms you’re familiar with. Does this sound familiar to you? Unfortunately, this seems to be a common occurrence in many DevSecOps organizations. In fact, we at Snyk fell into this trap with our recent announcement of the SAST capabilities in Snyk. We received a lot of feedback on social media that people didn’t know what SAST was. So, we thought it would be a good idea to put together a cheatsheet of the top 10 most common security acronyms—and don’t worry, we have included SAST as one of them so keep reading to find out what that’s all about.
Buffer overflow in Chromium affecting multiple packages
Snyk
November 23, 2020
Welcome to the Snyk Monthly Vulnerability Profile. In this series, Snyk looks back on the vulnerabilities discovered by or reported to our Security Research Team. We choose one noteworthy vulnerability from the past month and tell the story behind the discovery, research, and disclosure of the vulnerability. We highlight the researchers, developers, and users who are helping identify and remediate vulnerabilities across the open source community.
Diversity doesn't happen by accident, but it has tangible business value. You have to actively focus on breaking out of the systemic biases that exist in your hiring and promotions practices. We're not talking "affirmative action" style hiring here, I'm talking about challenging your very conceptions of what criteria constitutes qualified candidates. Looking deeper than just the skillsets that match yours.
SourMint: iOS remote code execution, Android findings, and community response
Snyk
October 15, 2020
The Snyk research team is committed to helping secure developer ecosystems by researching and disclosing potential security exposures that would impact application developers. As part of this ongoing effort, Snyk has leveraged new information to conduct additional research into the Mintegral SDK. As a result of this research, additional findings have been uncovered.
SourMint: malicious code, ad fraud, and data leak in iOS
Snyk
August 24, 2020
The Snyk research team has uncovered malicious behavior in a popular Advertising SDK used by over 1,200 apps in the AppStore which represent over 300 Million downloads per month, based on industry expert estimates.
Reflecting on Transgender Day of Visibility
LinkedIn
March 31, 2020
March 31 each year is marked as Transgender Day of Visibility. According to the Human Rights Campaign, it is a day to commemorate “the courage it takes to live openly and authentically”. For those that live in silence, hiding their authentic selves, the day can serve as motivation to share their true selves with the world, if only for that one day a year. For others it’s a day to publicly recognize their journey to authenticity and be bold in bringing awareness to the world that transgender people are human beings like everyone else.
Don’t Tap That Mic
Import from wordpress feed
February 28, 2020
Top 1o tips for working with production crews as a speaker A colleague and I were recently talking about the bad habits we’ve seen from speakers at various conferences. This led to a deeper discussion on the importance of the production teams at these events. I think for many speakers the prod
Don’t Tap That Mic
Import from wordpress feed
February 27, 2020
Top 1o tips for working with production crews as a speaker A colleague and I were recently talking about the bad habits we’ve seen from speakers at various conferences. This led to a deeper discussion on the importance of the production teams at these events. I think for many speakers the prod
Are expectations in promotion helping fuel the “Skills Gap”
Search job postings and you’ll find there are plenty of companies bragging about how they invest in their people. Internally, organizations like to boast about having a culture of promoting from within. Indeed, there are no shortage of articles touting the value of internal promotions processes. Yet, I must wonder if these words translate into action. While I’m still gathering the data in my surveys, some respondents have also reached out to me directly to share their stories. Quite a few tell me about how difficult it is to transition internally into security-related roles.
Tags: Leadership, Privacy, Diversity and Inclusion
RSA Conference Schedule
Import from wordpress feed
February 07, 2020
Where to find me at RSA As I’ve announced previously through social media, I’ve received the great honor of being accepted to speak at the RSA Conference in San Francisco this year. One thing has become very apparent thus far, this is a huge networking event and everyone wants to meet up
It Shouldn’t Be This Hard
Import from wordpress feed
January 30, 2020
There are seemingly conflicting messages about a cyber security skills gap and security professionals who can't find jobs. Why is this happening and how can we fix it?
The post It Shouldn’t Be This Hard appeared first on Alyssa Miller.
It Shouldn’t Be This Hard
Import from wordpress feed
January 29, 2020
There are seemingly conflicting messages about a cyber security skills gap and security professionals who can't find jobs. Why is this happening and how can we fix it?
The post It Shouldn’t Be This Hard appeared first on Alyssa Miller.
An Exciting Start to 2020
Import from wordpress feed
December 31, 2019
In a previous post I announced that I would be leaving my current role shortly after the new year. On New Year's Eve it seems appropriate to announce where I'm going and what I'll be doing.
The post An Exciting Start to 2020 appeared first on Alyssa Miller.
Closing Out 2019 and Looking Ahead
Import from wordpress feed
December 21, 2019
Announcing a new development as 2020 approaches Looking back at 2019, it has been a tremendous year for me from a personal and career development perspective. I’ve been very fortunate to elevate my involvement in the security community. I’ve documented much of it in this video I made in
Closing Out 2019 and Looking Ahead
Import from wordpress feed
December 20, 2019
Announcing a new development as 2020 approaches Looking back at 2019, it has been a tremendous year for me from a personal and career development perspective. I’ve been very fortunate to elevate my involvement in the security community. I’ve documented much of it in this video I made in
Cybersecurity Career Guide unlocks your pathway to becoming a great security practitioner. You’ll learn how to reliably enter the security field and quickly grow into your new career, following clear, practical advice that’s based on research and interviews with hundreds of hiring managers. Practical self-analysis exercises identify gaps in your resume, what makes you valuable to an employer, and what you want out of your career in cyber. You’ll assess the benefits of all major professional qualifications, and get practical advice on relationship building with mentors.
Epic Women in Cyber — Alyssa Miller
Medium
September 09, 2020
Alyssa Miller is a hacker, security advocate, cyber security professional and public speaker with almost 15 years of experience in the security industry. Her experience includes penetration testing, threat modeling and working with business leaders to build enterprise security programs.
Making Security a Business Function
Intent Summit 2021
November 16, 2021
NOVEMBER 16, 2021 8:15AM ET
In her keynote, Alyssa examines how security can go beyond managing risk and truly demonstrate the value we bring to the business itself. Regardless of whether you’re early in your career as an individual contributor or a seasoned veteran in a high-level leadership role, you’ll discover a new way to present security as a business accelerator. You’ll hear examples of how security can drive product agility, encourage innovation, improve business viability, and ultimately enhance profitability. We’ll even discuss how the emerging role of Business Information Security Officer can be leveraged to make this possible.
A Sustainable Security Workforce Starts at the Local Coffee Shop
RSA Conference
May 12, 2021
How do we resolve this cyber security talent shortage? Well the answer may not be what you think it is. Join me for my session at RSA Conference on Thursday, May 20 at 11:15PST, I'll share with you the results of my research into this problem, the core issues I was able to identify, and some solutions for how organizations can begin to overcome the struggles in finding cybersecurity talent.
The skills gap gets a lot of press but does it exist? This session will present research that paints a different picture. Our industry has created an unsustainable workforce paradigm. It’s time we admit that our security skills expectations are broken and work to be better. Session will detail a radical change in approach and shows why one's favorite barista might be their next great security hire.
PASTA and OCTIVE and STRIDE, Oh My! Bringing Threat Modeling Out of the Woods Accepted
Container Solutions
May 12, 2021
There are no emojis or GIFs worthy of introducing our new #WTFisSRE keynote speaker so we’ll give it to you straight. ️Alyssa Miller (Great hacker. Great human. Exceptional tweeter. Soccer referee, Guitarist. Photographer.) is gracing our screens on 20 May! Register today!
Threat modeling is an extremely valuable tool in the secure software development pipeline. Some studies suggest it has greater impact on security posture than other more widely practiced security activities. There are many different frameworks, models, and methodologies that have been developed in an attempt to make threat modeling easier. Yet, despite these efforts, popular approaches to threat modeling are often still considered too cumbersome, structured, or time consuming to fit into modern development cycles.
In 2020, a group of 15 security professional released the Threat Modeling Manifesto to formalize decades of combined experience into a declared vision of what threat modeling truly is and what makes it important. Learn from one of these authors about how to break with the complex models and return to the values and principles of what threat modeling should be. Discover how this often-over-looked activity can actually make development pipelines more efficient while improving overall security of software. Get real practical examples of how you can use the manifesto as a guide to define or tailor a methodology that fits your needs and avoid common pitfalls that often derail this critical activity.
So Happy Together – Making Life Better with a Real DevSecOps Culture
JFrog
May 11, 2021
Alyssa Miller of S&P Global Ratings discusses tangible, practical actions organizations can take to immediately improve their DevSecOps strategy. Don’t miss her keynote, “So Happy Together - Making Life Better With a Real DevSecOps Culture” at #swampUP. Save your seat. The event is free: https://jfrog.co/3tVyZAB
WED 1:30PM-2:00PM
It may be hard for some to believe, but it’s been over a decade since DevOps was first introduced. It wasn’t very long after its introduction that the concept of DevSecOps began to emerge as security practitioners attempted to keep application security practices engaged in software delivery. However, recent surveys show that even in organizations that have adopted a DevSecOps model, security is still often viewed as a bottleneck. This idea of security as an inhibitor can undermine the promise of DevSecOps to deliver a culture of shared responsibility for security. Hacker, former developer, and application security advocate Alyssa Miller dives into the key issues that keep security on the outside looking in when it comes to DevOps culture. She’ll provide insights from recent studies that have looked at the state of DevSecOps and share the key issues that our security teams often fail to overcome when trying to leverage security practices Through her analysis, Alyssa identifies tangible, practical actions that organizations can take immediately to begin improving collaboration and enablement within pipeline. Alyssa will demonstrate how adding the Sec to DevOps can actually make Developers and Operations happier, more efficient, and more effective. Finally, Alyssa delivers a forward-looking viewpoint for what lies beyond DevSecOps, and how this culture can be cultivated and extended into the broader business.
Back again in 2021 as a virtual conference, The Diana Initiative is a two-day conference to elevate, inspire, and support women of all races, cultures, and backgrounds through every stage of their information security career with education, collaboration, and resources.
The event is taking place July 16-17, 2021
As each attendee needs their own hopin login in order to attend the event, we encourage you to only purchase your own ticket. We have readily available free tickets so you can encourage your guests to utilize this option!
Tags: Cybersecurity, Leadership, Diversity and Inclusion
7th Annual CyberJutsuAwards Ceremony
Women's Society of Cyberjutsu
October 30, 2020
We are pleased to announce that 7th Annual #CyberJutsuAwards will be held on October 30th, 2020. Join us for a night of fun and festivities as we celebrate those who have made an impact in the cybersecurity world and within WSC. All proceeds from the Annual Cyberjutsu Awards ceremony go towards improving WSC programs for women and girls!
STEALING REALITY – DEEPFAKES USHERING IN A NEW PARADIGM OF ATTACKS
CypherCon
April 02, 2020
As a result of continuing advancements in neural networks, deep fake media has become increasingly convincing and easy to produce. Experts have warned of the impact this could have on elections and personal security. Additionally, deepfakes also pose very real threats to businesses and global markets, although these threats receive far less attention.
Hacker and Security evangelist Alyssa Miller will analyze the technology behind creating deep fake media, showing how Generative Adversarial Networks (GAN) create convincing fake videos and audio from very limited samples. She will examine research into both low-tech and AI/ML based detection methods and counter measures, including leveraging the same neural network approaches being used to create deep fakes to help detect them. She’ll continue by discussing the theory and research behind countermeasures such as Adversarial Perturbations and show how they can defeat facial recognition algorithms that deepfake generation relies on. Finally, Alyssa will present methods being developed to help certify the authenticity of real media.
Tags: Cybersecurity, Digital Disruption, Emerging Technology
Breaking and Entering: A Hacker’s Guide to Restoring Consumer Trust
SIM Wisconsin Chapter
October 08, 2019
As organizations seek to better monetize their business capabilities, requirements for data and privacy protection can seem inhibitive. How can technology be applied to uphold consumer trust and satisfaction while simultaneously supporting continued business evolution? Join real-world hacker and security evangelist Alyssa Miller as she identifies critical issues that have prevented businesses from adequately meeting the standards of security and privacy their customers have come to expect. Likewise, she will use her unique perspective to share a new strategic framework for designing cybersecurity defenses that ensure the protection of all forms of critical assets and enables new growth opportunities.
Inside-Out Security: Why We Should Build Castles Instead of Warehouses
CDW Protect SummIT - Philadelphia
August 19, 2019
Medieval castle builders made effective use of simple design principles to defend the most valuable assets inside. Centuries later, we’ve forgotten those valuable lessons as we defend our IT assets. From the moment we began enabling multi-user systems, we’ve approached how we defend our information in all the wrong ways. Join us for this session as we look at a completely different approach to designing security in our systems. We’ll explore new ways to understand what assets are, what threats they face, and how to leverage three basic types of defense mechanisms to effectively protect what we hold most dear. To add context to this new approach, we’ll draw on trends and lessons learned from thousands of security assessments and deployments across a vast portfolio of security technologies. All of this will show why it’s time to defend your crown jewels inside a fortified castle rather than a thinly constructed warehouse.
CDW Protect SummIT - February 2019
CDW Executive Summit Series
February 25, 2019
Delivered keynote on shifting the cyber security mindset from perimeter security strategies that have failed us for 60 years to an asset centric approach referred to as Inside-Out Security. Delivery was to an audience of executive business and security leaders.
Lifelong Hacker and Experienced Security Executive Alyssa Miller, Author of Cybersecurity Career Guide
YouTube
March 18, 2022
In this OODAcast we ask Alyssa for context of use to cybersecurity professionals, including discussing insights important to those just starting out, those seeking to continue their self improvement journey, and those seeking to laterally move into the community. In the discussion we also capture the fact that the book is also a great resource for the most experienced cybersecurity professionals, since these more senior individuals are frequently asked for mentorship and other career advice and will find this to be a good source of current insights.
How Risk Management Can Help Strengthen Cybersecurity with Alyssa Miller of S&P Global Ratings
YouTube
March 18, 2022
In the new episode of Dr. Dark Web, Chris Roberts welcomes Alyssa Miller, the BISO at S&P Global Ratings. They have an exciting chat about cybersecurity, the modern perspective on intelligence and information, and the importance of understanding that businesses should know the truth about their cybersecurity, no matter how harsh it is.
How to manage imposter syndrome in cybersecurity
TechTarget
February 28, 2022
The imposter syndrome phenomenon is readily apparent in cybersecurity. Learn how to manage it, along with mishaps to avoid during the job hunt and other career advice.
A TechTarget Security interview with ️Alyssa Miller Miller, author of Cyber Security Career Guide.
Conversations with a BISO
YouTube
January 26, 2022
The Business Information Security Officer (BISO) role is a relatively new role in CyberSecurity and thus unknown to many. Fear not! We got you covered. Alyssa Miller, Hacker, BISO and Author of Cyber Security Career Guide, joins us in this episode of Out of Band to demistify her role in cybersecurity.
We talk about everything from: how she got there, how we can get there, building your brand, why remaining authentic matters and how we all can #DoBetterBeBetter.
Curious? Tune In!
Tags: Cybersecurity, Leadership, Diversity and Inclusion
How to pick your cybersecurity career path | Cyber Work Podcast
YouTube
June 21, 2021
Alyssa Miller of S&P Global Ratings discusses the easiest pentest she ever ran on an app and the importance of diversity of hiring, not just “diversity of thought.” She also gives some of the best advice we’ve heard yet on picking your cybersecurity path.
Tags: Cybersecurity, Leadership, Diversity and Inclusion
#115 – Alyssa Miller: We Are Lacking Empathy
Cybersecurity Interviews
February 22, 2021
Alyssa Miller leads the security strategy for S&P Global Ratings as Business Information Security Officer (BISO), connecting corporate security objectives to business initiatives. She blends a unique mix of technical expertise and executive presence to bridge the gap that can often form between security practitioners and business leaders. Her goal is to change how we look at the security of our interconnected way of life and focus attention on defending privacy and cultivating trust.
A native of Milwaukee, Alyssa began her IT career as a programmer for a Wisconsin-based financial software provider. Her security passion quickly shaped her career as she moved into a leadership role within the ethical hacking team, conducting penetration testing and application assessments along with her team.
As a hacker, Alyssa has a passion for security that she evangelizes to business leaders and industry audiences through her work as a cybersecurity professional and through her various public speaking engagements. When not engaged in security research and advocacy, she is also an accomplished soccer referee, guitarist, and photographer.
In this episode, we discuss why she misses conferences, starting with computers at an early age, diversity, equity, and inclusion, the discrimination she has faced, the lack of understanding of privilege, discriminatory hiring practices, how to be an ally, and so much more!
Tags: Cybersecurity, Leadership, Diversity and Inclusion
#115 – Alyssa Miller: We Are Lacking Empathy
Cyber Security Interviews
February 22, 2021
Alyssa Miller leads the security strategy for S&P Global Ratings as Business Information Security Officer (BISO), connecting corporate security objectives to business initiatives. She blends a unique mix of technical expertise and executive presence to bridge the gap that can often form between security practitioners and business leaders. Her goal is to change how we look at the security of our interconnected way of life and focus attention on defending privacy and cultivating trust.
Tags: Cybersecurity, Leadership, Diversity and Inclusion
Hacked Off Podcast | 78 | Alyssa Miller: Threat Modelling & DevSecOps
Soundcloud
October 23, 2020
Application Security Advocate, Alyssa Miller talks passionately about the importance of a collaborative approach to security, where implementing a culture of building efficiently and understand security as you go, can help with getting ahead of the game.
Meet the researcher who wants employers to write better infosec help wanted ads
SC Media
September 25, 2020
Spot the problem: A job description posts that requires five years experience on software brought to market last year. Or it calls for expertise on every system developed since the Apollo program.
Dozens of help wanted ads are shared and ridiculed among experienced pros looking for new gigs and novices looking to start careers in an industry notorious for a workforce gap. Alyssa Miller, a security advocate at Snyk and a longtime hacker and researcher, wants to save employers the embarrassment. She’s researching the phenomenon and what to do about it, even soliciting ads that “suck” for study here.
Ep. #75, DevSecOps Data with Alanna Brown, Gareth Rushgrove, and Alyssa Miller
Simplecast
September 04, 2020
In episode 75 of The Secure Developer, Guy Podjarny is joined by Alanna Brown, Senior Marketing Director at Puppet and mastermind behind the State of DevOps Report, Gareth Rushgrove, Product Director at Snyk and curator of Devops Weekly, and Alyssa Miller, Application Security Advocate, also at Synk. We often hear a lot of opinions and experiences from people who are working in development, so today we’re turning to the data, to figure out what works and what doesn’t in the world of DevOps and SecDevOps
Alyssa Miller From Snyk on the State of Open Source Security
Jono Bacon
July 14, 2020
Open Source has seen enormous growth in recent years, and this has shone the light on the security of the many different components in open source systems such as NPM, Linux, Kubernetes, Docker, and Debian. How do we ensure that the rapidly growing library of open source, which is often bundled into stacks, is safe and secure?
Secure Insights Highlighting Data Breaches And The Best Approach To Handle It
Sennovate
December 27, 2019
Unsure of why #databreach happens so often? Listen to my podcast with Alyssa Miller, Head of Information Security Solutions at CDW emphasizing her insights in data breaches and the way to handle it.
For SMBs, Cybersecurity Challenges Range from the Basic to the Sophisticated
BizTech Magazine
December 01, 2019
System misconfigurations are among the top cyberthreats facing small businesses. The cybersecurity risk that businesses face today is complex, and it demands a response that’s both sophisticated and fundamentally sound. Unfortunately, businesses are struggling on multiple fronts. The start of the new year is a good time to commit to getting it right.
From Hacking Toys To Threat Hunter And Soccer Ref
CyberCrime Magazine
October 13, 2019
CyberCrime Magazine published a feature article on Alyssa Miller in October of 2019. In this article, Alyssa discusses her passion for technology, how she got started in security and how her childhood curiosities turned into a lucrative cyber security career.
DtSR Episode 359 - Mind the Diversity Gap
Down The Security Rabbithole
August 20, 2019
This week, in the 2nd of two installments recorded live at Black Hat 2019, Alyssa Miller joins Rafal live to talk about some of the talks she's giving, and takes us back in time.
Highlights from this week's show include...
Rafal and Alyssa discuss the very real problems the lack of diversity in technology creates
A jab is taken at the TSA ...because it's just too easy
Alyssa revisits the 'castle analogy' for InfoSec and why it's so tough to get right
Much more fun... you'll have to listen in!
Earning a Place at the Table, Bringing Security to the Board Room
BrightTalk
August 06, 2019
As cyber security continues to evolve into a business priority, having conversations at the highest levels about how to address security threats becomes crucial. Hear from CDW’s Alyssa Miller as we discuss why it is so important for the CISO to have a place in the board room and ways the CISO can encourage this interaction and improve their effectiveness in working with the Board of Directors.
We’ll discuss common challenges and new ways to address those challenges ensuring the CISO is positioned to become that trusted advisor for the organization.
Join us as we discuss:
- The importance of discussing cyber security strategies at a board level
- What challenges prevent cyber security from being a regular topic for the board
- Approaches that CISOs may employ to help gain visibility with the board and more!
CISO's Toolbox: Strategies for Success
Bright Talk
August 06, 2019
What do CISOs need to be successful at their job? Discover the challenges CISOs are facing and the ways they are solving them.
Join security experts as they discuss the strategies, processes and technologies CISOs use to protect their organizations in the age of breaches:
- What keeps CISOs up at night
- Strategies for breach prevention
- Strategies for making the most of AI technology and human talent
- Coping with analyst fatigue
- Threats on the horizon
- Recommendations for strengthening security
Global Security: Combating Cyber Threats
NaplesNEXT
March 18, 2019
At NaplesNEXT Ideas Festival in 2019, Alyssa Miller appeared alongside former CIA Director John Brennan to discuss the state of global Cyber Security. It was a panel discussion moderated by Natasha Bertrand of The Atlantic. Alyssa and Mr. Brennan discussed strategies for cyber security defense as well as the pitfalls of offensive strategies around Cyber Security.
Securing Bridges | A Live Stream Podcast With Alyssa Miller | Guest: Jess Vachon | Episode 37
YouTube
March 08, 2023
Listen in as Alyssa sits down with senior and executive security leaders from various industries to share stories of successes and failures we experience working across business teams. Explore practical strategies for building sponsorship and gaining buy-in for security initiatives.
Securing Bridges | A Live Stream Podcast With Alyssa Miller | Guest: Kayla Williams | Episode 36
YouTube
February 22, 2023
Listen in as Alyssa sits down with senior and executive security leaders from various industries to share stories of successes and failures we experience working across business teams. Explore practical strategies for building sponsorship and gaining buy-in for security initiatives.
Securing Bridges | A Live Stream Podcast With Alyssa Miller | Guest: Jerry Bell | Episode 36
YouTube
February 08, 2023
Listen in as Alyssa sits down with senior and executive security leaders from various industries to share stories of successes and failures we experience working across business teams. Explore practical strategies for building sponsorship and gaining buy-in for security initiatives.
Securing Bridges | A Live Stream Podcast With Alyssa Miller | Guest: Kevin Jackson | Episode 19
YouTube
August 03, 2022
It is a podcast, yes, but you can join us as we record each episode live on Twitter, LinkedIn, Facebook, and Youtube.
Live, Every Wednesday at 1pm PDT | 4pm EDT (USA) | The Recorded Podcast version is published a few days later.
Our ability to improve the security posture of our organizations depends heavily on connecting the security function with the various aspects of the business. Join our host, Alyssa Miller, as she and her guests examine key ways to build and secure the bridges between security, product development, the executive suite, and beyond.
Listen in as Alyssa sits down with senior and executive security leaders from various industries to share stories of successes and failures we experience working across business teams. Explore practical strategies for building sponsorship and gaining buy-in for security initiatives.
It's time to build and secure the bridge to the business.
Securing Bridges | A Live Stream Podcast With Alyssa Miller | Guest: Jessica Robinson | Episode 18
YouTube
July 27, 2022
It is a podcast, yes, but you can join us as we record each episode live on Twitter, LinkedIn, Facebook, and Youtube.
Live, Every Wednesday at 1pm PDT | 4pm EDT (USA) | The Recorded Podcast version is published a few days later.
Our ability to improve the security posture of our organizations depends heavily on connecting the security function with the various aspects of the business. Join our host, Alyssa Miller, as she and her guests examine key ways to build and secure the bridges between security, product development, the executive suite, and beyond.
Listen in as Alyssa sits down with senior and executive security leaders from various industries to share stories of successes and failures we experience working across business teams. Explore practical strategies for building sponsorship and gaining buy-in for security initiatives.
It's time to build and secure the bridge to the business.
Securing Bridges | A Live Stream Podcast With Alyssa Miller | Guest: Chuck Brooks | Episode 17
YouTube
July 20, 2022
It is a podcast, yes, but you can join us as we record each episode live on Twitter, LinkedIn, Facebook, and Youtube.
Live, Every Wednesday at 1pm PDT | 4pm EDT (USA) | The Recorded Podcast version is published a few days later.
Our ability to improve the security posture of our organizations depends heavily on connecting the security function with the various aspects of the business. Join our host, Alyssa Miller, as she and her guests examine key ways to build and secure the bridges between security, product development, the executive suite, and beyond.
Listen in as Alyssa sits down with senior and executive security leaders from various industries to share stories of successes and failures we experience working across business teams. Explore practical strategies for building sponsorship and gaining buy-in for security initiatives.
It's time to build and secure the bridge to the business.
Securing Bridges | A Live Stream Podcast With Alyssa Miller | Guest: Gabrielle Hempel | Episode 16
YouTube
July 13, 2022
It is a podcast, yes, but you can join us as we record each episode live on Twitter, LinkedIn, Facebook, and Youtube.
Live, Every Wednesday at 1pm PDT | 4pm EDT (USA) | The Recorded Podcast version is published a few days later.
Our ability to improve the security posture of our organizations depends heavily on connecting the security function with the various aspects of the business. Join our host, Alyssa Miller, as she and her guests examine key ways to build and secure the bridges between security, product development, the executive suite, and beyond.
Listen in as Alyssa sits down with senior and executive security leaders from various industries to share stories of successes and failures we experience working across business teams. Explore practical strategies for building sponsorship and gaining buy-in for security initiatives.
It's time to build and secure the bridge to the business.
Securing Bridges | A Live Stream Podcast With Alyssa Miller | Guest: Liz Wharton | Episode 15
YouTube
June 29, 2022
It is a podcast, yes, but you can join us as we record each episode live on Twitter, LinkedIn, Facebook, and Youtube.
Live, Every Wednesday at 1pm PDT | 4pm EDT (USA) | The Recorded Podcast version is published a few days later.
Our ability to improve the security posture of our organizations depends heavily on connecting the security function with the various aspects of the business. Join our host, Alyssa Miller, as she and her guests examine key ways to build and secure the bridges between security, product development, the executive suite, and beyond.
Listen in as Alyssa sits down with senior and executive security leaders from various industries to share stories of successes and failures we experience working across business teams. Explore practical strategies for building sponsorship and gaining buy-in for security initiatives.
It's time to build and secure the bridge to the business.
Securing Bridges | A Live Stream Podcast With Alyssa Miller | Guest: Larisa Breton | Episode 14
YouTube
June 22, 2022
It is a podcast, yes, but you can join us as we record each episode live on Twitter, LinkedIn, Facebook, and Youtube.
Live, Every Wednesday at 1pm PDT | 4pm EDT (USA) | The Recorded Podcast version is published a few days later.
Our ability to improve the security posture of our organizations depends heavily on connecting the security function with the various aspects of the business. Join our host, Alyssa Miller, as she and her guests examine key ways to build and secure the bridges between security, product development, the executive suite, and beyond.
Listen in as Alyssa sits down with senior and executive security leaders from various industries to share stories of successes and failures we experience working across business teams. Explore practical strategies for building sponsorship and gaining buy-in for security initiatives.
It's time to build and secure the bridge to the business.
A Conversation w/ Jen Easterly | Securing Bridges With Alyssa Miller Live @RSAConference 2022 | Ep13
YouTube
June 08, 2022
Streaming live from RSA Conference 2022, Alyssa Miller is joined by Jen Easterly, Director, Cybersecurity & Infrastructure Security Agency (CISA) to discuss her journey and role at CISA, public/private sector collaboration, the increased focused on the human element, and so much more.________________________________
Transformational Security
Trend Micro
May 12, 2021
Season 2 of #LetsTalkSecurity is headed your way, some more fantastic guests lined up and coming to a screen near you!
Episode 1 streaming live on the Trend Micro feed here, on YouTube, and on Twitter, or on my personal Twitter on the 20th May, featuring the incredible Duchess of Hackington Alyssa Miller
Look! There's a threat model in my DevOps.
Avocado Labs
October 06, 2020
I'm honored to be joining the good folks from Auth0's Avocado Labs next week. I'll be sharing practical methods for bringing Threat Modeling into the #DevSecOps pipeline and using it to enable more efficient delivery.
Losing Our Reality: How Deepfakes Threaten Businesses and Global Markets
RSA Conference 2020
February 26, 2020
As a result of continuing advancements in AI, deepfake media has become increasingly convincing and easy to produce. Experts have warned of the impact this could have on elections and personal security. However, the threats that deepfakes pose to businesses and global markets are often overlooked. This session will analyze those threats and present defense strategies business must consider.
Tags: Cybersecurity, Digital Disruption, Emerging Technology
THE DEATH OF TRUST: EXPLORING THE DEEPFAKE THREAT
BSides Vancouver Island
August 26, 2019
Deepfake media is becoming more common and easy to produce and it is expected to have a major impact on public discourse in upcoming elections. The use of Generative Adversarial Networks (GANs) has enabled the creation of incredibly lifelike artificial media. As a result, researchers and commercial organizations are scrambling to develop detection capabilities that can identify even the most convincing fakes.
In this session, we’ll describe the technical application of GANs when generating this media and highlight some of the most recent advances. We’ll also examine how the current limitations of this technology can be exploited by both low-tech and high order machine learning capabilities to detect deepfake media. Building upon limited published research, we’ll analyze the relative effectiveness of these techniques and explore how creators of false content could adapt in order to evade detection.
Additionally, we’ll consider those situations when detection may not always be enough. For instance, when the subject of a video claims it to be a fake or when there are national security concerns requiring us to confirm, with the highest degree of certainty, the veracity of the media. We will evaluate current technologies that seek to provide positive confirmation of digital media authenticity. Finally, we will propose further potential solutions and scrutinize their feasibility in helping maintain a high level of trust in digital media.
Tags: Cybersecurity, Leadership, National Security
Inside Out Security - Building Castles not Warehouses
Circle City Con
June 02, 2019
Medieval castle builders made effective use of simple design principles to defend the most valuable assets in their castles. Centuries later there are clearly lessons we’ve forgotten that could help when it comes to how we defend our IT assets. From the moment we started to enable multi-user systems, we’ve gone about defending our information in all the wrong ways. In this session we’ll look at a completely different approach to designing security into our systems. We’ll look at new ways to understand what assets are, what threats those assets face, and how to leverage three basic types of defense mechanisms to effectively protect what we hold most dear. Ultimately you’ll learn how to bring technology and offensive security practices together into a cohesive defense approach that works. It’s time to defend your crown jewels inside a fortified castle rather than a thinly constructed warehouse.
Breaking and Entering: A Hacker’s Guide to Restoring Consumer Trust
SIM Connect Live
May 16, 2019
As organizations seek to better monetize their business capabilities, requirements for data and privacy protection can seem inhibitive. How can technology be applied to uphold consumer trust and satisfaction while simultaneously supporting continued business evolution? Join real-world hacker and security evangelist Alyssa Miller as she identifies critical issues that have prevented businesses from adequately meeting the standards of security and privacy their customers have come to expect. Likewise, she will use her unique perspective to share a new strategic framework for designing cybersecurity defenses that ensure the protection of all forms of critical assets and enables new growth opportunities.
Introducing the 28-Day Get Hired Challenge
YouTube
February 01, 2023
Welcome to Day 1 of the 28 Day Get Hired Challenge!! In our first episode we're talking about some of the history of cybersecurity and how the role that cybersecurity plays in our digitally connected world.
How to WOW Submission Reviewers with a Stellar Proposal
RSA Conference
May 12, 2021
Join Women in CyberSecurity (WiCyS) and #RSAC June 9 at 2 PM ET for an honest discussion with #cybersecurity industry influencers sharing their stories of how they transformed every "no" into a "YES" to help you learn how to hone your expertise, experience and knowledge and create the most stellar of conference speaking proposals.
Speakers:
Diana Kelley
Alyssa Miller
Chloé Messdaghi
Tennisha Virginia M.
So you want to showcase your skills and speak at a technical conference? Great. Your voice matters. Conference organizers highly value new voices, and they are always on the lookout for ways to bring more talent to the stage. The good news is that there are opportunities abound and by submitting to conferences, you're honing in on your expertise, experience and knowledge, creating the most stellar of proposals. Join us for an honest discussion of cybersecurity industry influencers who weren't always used to being accepted when they initially submitted for speaking opportunities. They will share their stories of how they transformed every "no" into a "YES"!
How The Most Successful Cyber Leaders Get Support for Security
Battleship
January 28, 2021
In this Buy-In Blueprint webinar, Dan Blum, author of Rational Cybersecurity For Business, moderates a discussion on top tips and strategies to get buy-in for cybersecurity initiatives.
The panel features Alyssa Miller (BISO at S&P Ratings), Joel Fulton (CEO at Lucidum & Former CISO at Splunk), and Michael Charland (Global ISO at Hartford Steam Boiler).
They will discuss examples of strategies successful CISOs use to get support from the business and field questions from the audience.
At the end of the webinar, attendees will take away a Cybersecurity Business Alignment Cheat Sheet.
Join us to learn new strategies to build better relationships with your business leader counterparts and enable the security team to be perceived as a business partner.
This webinar will provide plentiful guidance on improving relationships, communications, and practices in pursuit of better cybersecurity-business alignment.
Look! There's a threat model in my DevOps.
Avocado Labs
October 13, 2020
You can't threat model in a CI/CD DevOps environment!!" This is a common belief among developers and security professionals alike. With frameworks like STRIDE, DREAD, PASTA, etc. threat modeling is typically viewed as a heavy-weight, time-consuming exercise that is simply not compatible with high-paced development paradigms. As a result, organizations that employ these paradigms commonly scratch threat modeling off their Secure SDLC checklist as simply impossible to implement without breaking their DevOps model. They lose sight of the core purpose of threat modeling and as a result are unable to tailor an approach that fits their development lifecycle.
In this session, we’ll turn those misconceptions about Threat Modeling upside down. We’ll go back to the core purpose of threat modeling. We’ll discuss what components of threat modeling are most crucial, what questions we should be asking and who should be answering them. Ultimately, this will all culminate into presentation of an alternative approach to Threat Modeling. We’ll walk through the details of how to implement this backlog-based approach in any development paradigm and demonstrate that it can be done without affecting our development timelines.
A Day In The Life of a Pentester
BugCrowd
August 01, 2019
In this discussion hosted by Phillip Wylie of Bug Crowd, Alyssa Miller, Bryan McAninch and Wirefall discuss various aspects of Penetration Testing to help both beginning pen testers as well as business leaders understand the strategies and methodologies involved.
Location: Any City Date Available:
January 01st, 2020 Fees: 3,500 + Travel Expenses
Submission Date:
January 03rd, 2020 Service Type: Service Offered
Alyssa is able to deliver engaging keynotes on a variety of Cyber Security related content. Everything from high level future analysis to detailed strategy discussions to addressing organizational issues such as talent or diversity challenges. Alyssa is an experienced speaker addressing audiences ranging from executive to extremely technical. She brings a unique mix of executive presence and technical acumen to craft a message that will resonate with your audience. Her speaking engagements span all manner of industry, thought leadership and entrepreneurial events.
Join Thinkers360 for free! Are you a Reader/Writer, Thought Leader/Influencer (looking to increase your earnings), or an Enterprise User (looking to work with experts)?
Advisory Board Member
I’m here and I’m human
Cyber Defenders' Career Guide
When words mean more than intentions
Security IS a Business Function
Plagiarism at EC-Council, an Open Response
Ethics in Cybersecurity Marketing – Principles of Value Contribution
So You Think You’re Inclusive?
Hacking is not a crime – and the media should stop using 'hacker' as a pejorative
What is a Business Information Security Officer (BISO)?
Cheatsheet: top 10 application security acronyms
Buffer overflow in Chromium affecting multiple packages
Hey You! We See You
SourMint: iOS remote code execution, Android findings, and community response
SourMint: malicious code, ad fraud, and data leak in iOS
Reflecting on Transgender Day of Visibility
Don’t Tap That Mic
A Promotions Gap
RSA Conference Schedule
It Shouldn’t Be This Hard
An Exciting Start to 2020
Closing Out 2019 and Looking Ahead
Treasurer, Board of Directors
Cybersecurity Career Guide
Epic Women in Cyber — Alyssa Miller
Making Security a Business Function
A Sustainable Security Workforce Starts at the Local Coffee Shop
PASTA and OCTIVE and STRIDE, Oh My! Bringing Threat Modeling Out of the Woods Accepted
So Happy Together – Making Life Better with a Real DevSecOps Culture
2021 Diana Initiative
7th Annual CyberJutsuAwards Ceremony
STEALING REALITY – DEEPFAKES USHERING IN A NEW PARADIGM OF ATTACKS
How to manage imposter syndrome in cybersecurity
#115 – Alyssa Miller: We Are Lacking Empathy
#115 – Alyssa Miller: We Are Lacking Empathy
Hacked Off Podcast | 78 | Alyssa Miller: Threat Modelling & DevSecOps
Meet the researcher who wants employers to write better infosec help wanted ads
Ep. #75, DevSecOps Data with Alanna Brown, Gareth Rushgrove, and Alyssa Miller
Alyssa Miller From Snyk on the State of Open Source Security
Secure Insights Highlighting Data Breaches And The Best Approach To Handle It
Transformational Security
Look! There's a threat model in my DevOps.
Putting the Sec in DevOps
Losing Our Reality: How Deepfakes Threaten Businesses and Global Markets
How to WOW Submission Reviewers with a Stellar Proposal
How The Most Successful Cyber Leaders Get Support for Security
Look! There's a threat model in my DevOps.
