Thinkers360
Interested in getting your own thought leader profile? Get Started Today.

Alyssa Miller

BISO (Business Information Security Officer) at S&P Global Ratings

Milwaukee, WI, United States

40931 Followers

Alyssa Miller is a hacker/researcher, security advocate, and security leader. With over two decades of experience in IT, first as a programmer and then as a penetration tester and security consultant, Alyssa has earned a reputation for being able to credibly operate on both sides of the fence between technical experts and high-level business executives.

A naturally curious lover of technology, Alyssa has always had a passion for deconstructing technology to learn how it functions and improve upon it. Computers, in particular, have fascinated her since she was in pre-school when her father would bring home a computer from work. At the age of 12 she saved up enough money to buy her first computer on which she taught herself BASIC programming, operating systems and even asynchronous communications protocols. Still it wasn’t until after three semesters of pre-med studies at Marquette University that Alyssa finally found her career calling and switched to the Computer Science program.

Alyssa’s professional track record includes heading the enterprise security testing and vulnerability management program for a Fortune 500 Financial Technologies firm, leading the application security program practice for highly respected boutique consulting firm, and her current role as BISO (Business Information Security Officer) for S&P Global Ratings.

Alyssa speaks internationally at industry, vendor, and leadership conferences on topics ranging from technical security vulnerabilities, to high-level security program strategies, to issues within the security community itself. She is a member of the Board of Directors for Women of Security (WoSEC) and engages with the community through her blogs, video content, podcast appearances, and social media presence.

Available For: Authoring, Consulting, Influencing, Speaking
Travels From: Milwaukee, WI
Speaking Topics: Application Security, Cyber Security Strategy, Emerging threats and trends

Speaking Fee $5,000

Alyssa MillerPoints
Academic0
Author43
Influencer435
Speaker125
Entrepreneur60
Total663

Points based upon Thinkers360 patent-pending algorithm.

Thought Leader Profile

Portfolio Mix

Company Information

Company Type: Enterprise
Business Unit: None
Theatre: North America
Media Experience: 5 Years
Last Media Interview: 01/28/2021

Areas of Expertise

Big Data 35.95
Business Strategy 30.14
Cybersecurity 53.36
Data Center 30.69
Design Thinking
Digital Disruption 30.62
Emerging Technology 32.26
Govtech 30.23
HR 30.22
Leadership 35.14
Management 40.45
Privacy 33.40
Risk Management 31.40
Startups 30.51
Diversity and Inclusion 39.20
Social 30.77
Innovation 30.62
Marketing 30.29
Culture 30.72

Industry Experience

Consumer Products
Federal & Public Sector
Financial Services & Banking
Healthcare
High Tech & Electronics
Higher Education & Research
Hospitality
Other
Pharmaceuticals
Professional Services
Retail
Travel & Transportation
Utilities

Please signin or signup to view publication section.

Publications

1 Advisory Board Membership
Advisory Board Member
Blue Team Con
December 09, 2019
Member of the Advisory board and CFP Review Panel for Blue Team Con

See publication

Tags: Big Data, Cybersecurity, Emerging Technology

31 Article/Blogs
So You Think You’re Inclusive?
LinkedIn
April 28, 2021
With all the attention transgender people are receiving as result of a flurry of anti-trans legislation in the past month, many organizations are looking to ensure the inclusive to all. Many will look to the Human Rights Campaign’s (HRC’s) Corporate Equality Index (CEI) as a measure of how well they are doing. While the HRC has added a number of key metrics to measure transgender inclusivity specifically, there are many issues not covered that could be driving your employees to leave or candidates to avoid employment with your organization. Even with the recent US Supreme Court decision in 2020 that discrimination against transgender people falls under sex-based discrimination prohibitions in Title VII of the Civil Rights Act, many exclusionary facets that don’t reach the legal bar for discrimination still exist in workplaces. I’d like to highlight some key areas that often are missed by organizations when they look to build a more inclusive environment.

See publication

Tags: Social, Leadership, Diversity and Inclusion

Hacking is not a crime – and the media should stop using 'hacker' as a pejorative
The Register
March 03, 2021
Hey #infosecurity community, I need your votes. I was invited by The Register to contribute an article to their debate series. This week we're debating the use of "hacker" as a pejorative. My argument FOR the proposal that the media should stop using hacker to describe cybercriminals was posted today.

Their rebuttal argument will be published on Friday, so I need your votes FOR this argument. We've all seen the horribly cliched imagery and inaccurate descriptions of cyber criminals as hackers. Here's a chance to speak out against that poor terminology. Please also re-share for reach!!

See publication

Tags: Cybersecurity, Innovation, Leadership

What is a Business Information Security Officer (BISO)?
Alyssa Miller
December 23, 2020
A Business Information Security Officer (BISO) is a senior security leader assigned to lead the security strategy of a division or business unit. They provide a bridge from the centralized security function to the business. The BISO functions like a deputy CISO reporting into the business line.

See publication

Tags: Cybersecurity, Leadership, Business Strategy

Cheatsheet: top 10 application security acronyms
Snyk
December 01, 2020
Picture this situation: you as a developer are in a meeting where a security practitioner is discussing the results of a recent penetration test or static analysis of code you’ve written.

Throughout the discussion, they use various acronyms that they just assume you know the meaning of, yet in reality, they are not terms you’re familiar with. Does this sound familiar to you? Unfortunately, this seems to be a common occurrence in many DevSecOps organizations. In fact, we at Snyk fell into this trap with our recent announcement of the SAST capabilities in Snyk. We received a lot of feedback on social media that people didn’t know what SAST was. So, we thought it would be a good idea to put together a cheatsheet of the top 10 most common security acronyms—and don’t worry, we have included SAST as one of them so keep reading to find out what that’s all about.

See publication

Tags: Cybersecurity, Leadership

Buffer overflow in Chromium affecting multiple packages
Snyk
November 23, 2020
Welcome to the Snyk Monthly Vulnerability Profile. In this series, Snyk looks back on the vulnerabilities discovered by or reported to our Security Research Team. We choose one noteworthy vulnerability from the past month and tell the story behind the discovery, research, and disclosure of the vulnerability. We highlight the researchers, developers, and users who are helping identify and remediate vulnerabilities across the open source community.

See publication

Tags: Cybersecurity, Leadership

Hey You! We See You
LinkedIn
November 19, 2020
Diversity doesn't happen by accident, but it has tangible business value. You have to actively focus on breaking out of the systemic biases that exist in your hiring and promotions practices. We're not talking "affirmative action" style hiring here, I'm talking about challenging your very conceptions of what criteria constitutes qualified candidates. Looking deeper than just the skillsets that match yours.

See publication

Tags: Leadership, Diversity and Inclusion

SourMint: iOS remote code execution, Android findings, and community response
Snyk
October 15, 2020
The Snyk research team is committed to helping secure developer ecosystems by researching and disclosing potential security exposures that would impact application developers. As part of this ongoing effort, Snyk has leveraged new information to conduct additional research into the Mintegral SDK. As a result of this research, additional findings have been uncovered.

See publication

Tags: Cybersecurity, Data Center

SourMint: malicious code, ad fraud, and data leak in iOS
Snyk
August 24, 2020
The Snyk research team has uncovered malicious behavior in a popular Advertising SDK used by over 1,200 apps in the AppStore which represent over 300 Million downloads per month, based on industry expert estimates.

See publication

Tags: Cybersecurity, Data Center

Reflecting on Transgender Day of Visibility
LinkedIn
March 31, 2020
March 31 each year is marked as Transgender Day of Visibility. According to the Human Rights Campaign, it is a day to commemorate “the courage it takes to live openly and authentically”. For those that live in silence, hiding their authentic selves, the day can serve as motivation to share their true selves with the world, if only for that one day a year. For others it’s a day to publicly recognize their journey to authenticity and be bold in bringing awareness to the world that transgender people are human beings like everyone else.

See publication

Tags: Social, Diversity and Inclusion

Don’t Tap That Mic
Import from wordpress feed
February 28, 2020
Top 1o tips for working with production crews as a speaker A colleague and I were recently talking about the bad habits we’ve seen from speakers at various conferences. This led to a deeper discussion on the importance of the production teams at these events. I think for many speakers the prod

See publication

Tags: Cybersecurity

Don’t Tap That Mic
Import from wordpress feed
February 27, 2020
Top 1o tips for working with production crews as a speaker A colleague and I were recently talking about the bad habits we’ve seen from speakers at various conferences. This led to a deeper discussion on the importance of the production teams at these events. I think for many speakers the prod

See publication

Tags: Cybersecurity

A Promotions Gap
alyssasec.com
February 09, 2020
Are expectations in promotion helping fuel the “Skills Gap”
Search job postings and you’ll find there are plenty of companies bragging about how they invest in their people. Internally, organizations like to boast about having a culture of promoting from within. Indeed, there are no shortage of articles touting the value of internal promotions processes. Yet, I must wonder if these words translate into action. While I’m still gathering the data in my surveys, some respondents have also reached out to me directly to share their stories. Quite a few tell me about how difficult it is to transition internally into security-related roles.

See publication

Tags: Leadership, Privacy, Diversity and Inclusion

RSA Conference Schedule
Import from wordpress feed
February 07, 2020
Where to find me at RSA As I’ve announced previously through social media, I’ve received the great honor of being accepted to speak at the RSA Conference in San Francisco this year. One thing has become very apparent thus far, this is a huge networking event and everyone wants to meet up

See publication

Tags: Cybersecurity

It Shouldn’t Be This Hard
Import from wordpress feed
January 30, 2020
There are seemingly conflicting messages about a cyber security skills gap and security professionals who can't find jobs. Why is this happening and how can we fix it?
The post It Shouldn’t Be This Hard appeared first on Alyssa Miller.

See publication

Tags: Cybersecurity

It Shouldn’t Be This Hard
Import from wordpress feed
January 29, 2020
There are seemingly conflicting messages about a cyber security skills gap and security professionals who can't find jobs. Why is this happening and how can we fix it?
The post It Shouldn’t Be This Hard appeared first on Alyssa Miller.

See publication

Tags: Cybersecurity

An Exciting Start to 2020
Import from wordpress feed
December 31, 2019
In a previous post I announced that I would be leaving my current role shortly after the new year. On New Year's Eve it seems appropriate to announce where I'm going and what I'll be doing.
The post An Exciting Start to 2020 appeared first on Alyssa Miller.

See publication

Tags: Cybersecurity

Closing Out 2019 and Looking Ahead
Import from wordpress feed
December 21, 2019
Announcing a new development as 2020 approaches Looking back at 2019, it has been a tremendous year for me from a personal and career development perspective. I’ve been very fortunate to elevate my involvement in the security community. I’ve documented much of it in this video I made in

See publication

Tags: Cybersecurity

Closing Out 2019 and Looking Ahead
Import from wordpress feed
December 20, 2019
Announcing a new development as 2020 approaches Looking back at 2019, it has been a tremendous year for me from a personal and career development perspective. I’ve been very fortunate to elevate my involvement in the security community. I’ve documented much of it in this video I made in

See publication

Tags: Cybersecurity

Leaders Inspire, Bosses Demand
LinkedIn
December 03, 2019
A short article authored by Alyssa on the difference between being a boss and being a leader. Alyssa leverages her own lessons learned to focus on three key characteristics that make for inspiring leaders.

See publication

Tags: Management, Leadership, HR

What Is a Hacker?
Import from wordpress feed
September 20, 2019
What makes me a hacker is my unfettered, at times almost obsessive need to understand the inner workings of technology.
The post What Is a Hacker? appeared first on Alyssa Miller.

See publication

Tags: Cybersecurity

What Is a Hacker
Alyssasec
September 20, 2019
In this blog, Alyssa discusses the media and societal biases around the term hacker. She provides a greater understanding of who hackers truly are and the difference between hackers and cyber criminals.

See publication

Tags: Cybersecurity, Business Strategy, Data Center

What Is a Hacker?
Import from wordpress feed
September 19, 2019
What makes me a hacker is my unfettered, at times almost obsessive need to understand the inner workings of technology.
The post What Is a Hacker? appeared first on Alyssa Miller.

See publication

Tags: Cybersecurity

Talent Shortage, Really?
Alyssasec
September 06, 2019
In this blog, Alyssa discusses the cyber security talent shortages and points out realities that suggest the shortage is more a result of unrealistic expectations and missed connections. She specifically targets the need for organizations to do better in crafting job descriptions for cyber security roles and to reach out in new ways are part of their recruiting efforts.

See publication

Tags: Cybersecurity, Management, HR

Talent Shortage, Really?
Import from wordpress feed
September 05, 2019
With all the talk of a security talent shortage, why are there still so many job seekers unable to find jobs? Organizations can do more to bridge the disconnect between themselves and the talented resources they need.
The post Talent Shortage, Really? appeared first on Alyssa Miller.

See publication

Tags: Cybersecurity

Deep Fakes in 2020
Import from wordpress feed
August 29, 2019
Deep fakes have entered the political arena. While the technology continues to advance, it still has some important limitations that may help mitigate it's impact.
The post Deep Fakes in 2020 appeared first on Alyssa Miller.

See publication

Tags: Cybersecurity

Deep Fakes in 2020
Import from wordpress feed
August 28, 2019
Deep fakes have entered the political arena. While the technology continues to advance, it still has some important limitations that may help mitigate it's impact.
The post Deep Fakes in 2020 appeared first on Alyssa Miller.

See publication

Tags: Cybersecurity

You Can’t Do Anything, Why Haven’t You Done Something?
Import from wordpress feed
August 22, 2019
The conflicting messages Security Professionals give Business Leaders It’s not if you’ll get hacked, it’s when. This is a statement every security professional has probably heard. In fact, most of us have probably used it at one time or another. A slightly different version is, if

See publication

Tags: Cybersecurity

Inside the Backdoor Backlash
Import from wordpress feed
July 24, 2019
Taking a more tangible view of encryption backdoors US Attorney General William Barr gave a speech Tuesday morning in which he approached the topic of what he called “warrant-proof” encryption. His argument revives discussion about establishing encryption that can be broken or bypassed b

See publication

Tags: Cybersecurity

Get a Chair At the Big Table
Import from wordpress feed
July 22, 2019
Cyber security is increasingly becoming a top business concern for executives. However, at a board level, security discussions with the CISO are relatively rare.
The post Get a Chair At the Big Table appeared first on Alyssa Miller.

See publication

Tags: Cybersecurity

Conquering Impostor Syndrome
Import from wordpress feed
July 14, 2019
Seeing the massive contributions of others invokes a level of anxiety when seeking to establish they're own contributions. The infamous impostor syndrome rears its ugly head and hold people back from getting involved.
The post Conquering Impostor Syndrome appeared first on Alyssa Miller.

See publication

Tags: Cybersecurity

The Oxymoron of “Smart” Devices
Import from wordpress feed
July 13, 2019
What a hair straightener can teach us about IoT Security A recent article on Threat Posts provides details of a vulnerability in the Glamoriser Bluetooth Smart Straightener. The vulnerability is pretty significant. An attacker can fairly easily gain control of the hair straightener, turn the he

See publication

Tags: Cybersecurity

1 Board Membership
Treasurer, Board of Directors
Women of Security
November 17, 2019
Treasurer and Board of Directors

See publication

Tags: Cybersecurity, Management, Leadership

1 Industry Certification
Certified Information Security Manager
ISACA
March 15, 2010
Certified Information Security Manager (CISM) from ISACA

See publication

Tags: Cybersecurity, Leadership, Management

1 Influencer Award
Epic Women in Cyber — Alyssa Miller
Medium
September 09, 2020
Alyssa Miller is a hacker, security advocate, cyber security professional and public speaker with almost 15 years of experience in the security industry. Her experience includes penetration testing, threat modeling and working with business leaders to build enterprise security programs.

See publication

Tags: Cybersecurity, Management, Leadership

9 Keynotes
A Sustainable Security Workforce Starts at the Local Coffee Shop
RSA Conference
May 12, 2021
How do we resolve this cyber security talent shortage? Well the answer may not be what you think it is. Join me for my session at RSA Conference on Thursday, May 20 at 11:15PST, I'll share with you the results of my research into this problem, the core issues I was able to identify, and some solutions for how organizations can begin to overcome the struggles in finding cybersecurity talent.

The skills gap gets a lot of press but does it exist? This session will present research that paints a different picture. Our industry has created an unsustainable workforce paradigm. It’s time we admit that our security skills expectations are broken and work to be better. Session will detail a radical change in approach and shows why one's favorite barista might be their next great security hire.

See publication

Tags: Cybersecurity, Management, Leadership

PASTA and OCTIVE and STRIDE, Oh My! Bringing Threat Modeling Out of the Woods Accepted
Container Solutions
May 12, 2021
There are no emojis or GIFs worthy of introducing our new #WTFisSRE keynote speaker so we’ll give it to you straight. ️Alyssa Miller (Great hacker. Great human. Exceptional tweeter. Soccer referee, Guitarist. Photographer.) is gracing our screens on 20 May! Register today!

Threat modeling is an extremely valuable tool in the secure software development pipeline. Some studies suggest it has greater impact on security posture than other more widely practiced security activities. There are many different frameworks, models, and methodologies that have been developed in an attempt to make threat modeling easier. Yet, despite these efforts, popular approaches to threat modeling are often still considered too cumbersome, structured, or time consuming to fit into modern development cycles.

In 2020, a group of 15 security professional released the Threat Modeling Manifesto to formalize decades of combined experience into a declared vision of what threat modeling truly is and what makes it important. Learn from one of these authors about how to break with the complex models and return to the values and principles of what threat modeling should be. Discover how this often-over-looked activity can actually make development pipelines more efficient while improving overall security of software. Get real practical examples of how you can use the manifesto as a guide to define or tailor a methodology that fits your needs and avoid common pitfalls that often derail this critical activity.

See publication

Tags: Cybersecurity, Management, Leadership

So Happy Together – Making Life Better with a Real DevSecOps Culture
JFrog
May 11, 2021
Alyssa Miller of S&P Global Ratings discusses tangible, practical actions organizations can take to immediately improve their DevSecOps strategy. Don’t miss her keynote, “So Happy Together - Making Life Better With a Real DevSecOps Culture” at #swampUP. Save your seat. The event is free: https://jfrog.co/3tVyZAB

WED 1:30PM-2:00PM

It may be hard for some to believe, but it’s been over a decade since DevOps was first introduced. It wasn’t very long after its introduction that the concept of DevSecOps began to emerge as security practitioners attempted to keep application security practices engaged in software delivery. However, recent surveys show that even in organizations that have adopted a DevSecOps model, security is still often viewed as a bottleneck. This idea of security as an inhibitor can undermine the promise of DevSecOps to deliver a culture of shared responsibility for security. Hacker, former developer, and application security advocate Alyssa Miller dives into the key issues that keep security on the outside looking in when it comes to DevOps culture. She’ll provide insights from recent studies that have looked at the state of DevSecOps and share the key issues that our security teams often fail to overcome when trying to leverage security practices Through her analysis, Alyssa identifies tangible, practical actions that organizations can take immediately to begin improving collaboration and enablement within pipeline. Alyssa will demonstrate how adding the Sec to DevOps can actually make Developers and Operations happier, more efficient, and more effective. Finally, Alyssa delivers a forward-looking viewpoint for what lies beyond DevSecOps, and how this culture can be cultivated and extended into the broader business.

See publication

Tags: Cybersecurity, Leadership, Culture

2021 Diana Initiative
hopin
April 09, 2021
Back again in 2021 as a virtual conference, The Diana Initiative​ is a two-day conference to elevate, inspire, and support women of all races, cultures, and backgrounds through every stage of their information security career with education, collaboration, and resources.

The event is taking place July 16-17, 2021

As each attendee needs their own hopin login in order to attend the event, we encourage you to only purchase your own ticket. We have readily available free tickets so you can encourage your guests to utilize this option!

See publication

Tags: Cybersecurity, Leadership, Diversity and Inclusion

7th Annual CyberJutsuAwards Ceremony
Women's Society of Cyberjutsu
October 30, 2020
We are pleased to announce that 7th Annual #CyberJutsuAwards will be held on October 30th, 2020. Join us for a night of fun and festivities as we celebrate those who have made an impact in the cybersecurity world and within WSC. All proceeds from the Annual Cyberjutsu Awards ceremony go towards improving WSC programs for women and girls!

Free for members and $5 for non-members!

See publication

Tags: Cybersecurity, Innovation, Leadership

STEALING REALITY – DEEPFAKES USHERING IN A NEW PARADIGM OF ATTACKS
CypherCon
April 02, 2020
As a result of continuing advancements in neural networks, deep fake media has become increasingly convincing and easy to produce. Experts have warned of the impact this could have on elections and personal security. Additionally, deepfakes also pose very real threats to businesses and global markets, although these threats receive far less attention.

Hacker and Security evangelist Alyssa Miller will analyze the technology behind creating deep fake media, showing how Generative Adversarial Networks (GAN) create convincing fake videos and audio from very limited samples. She will examine research into both low-tech and AI/ML based detection methods and counter measures, including leveraging the same neural network approaches being used to create deep fakes to help detect them. She’ll continue by discussing the theory and research behind countermeasures such as Adversarial Perturbations and show how they can defeat facial recognition algorithms that deepfake generation relies on. Finally, Alyssa will present methods being developed to help certify the authenticity of real media.

See publication

Tags: Cybersecurity, Digital Disruption, Emerging Technology

Breaking and Entering: A Hacker’s Guide to Restoring Consumer Trust
SIM Wisconsin Chapter
October 08, 2019
As organizations seek to better monetize their business capabilities, requirements for data and privacy protection can seem inhibitive. How can technology be applied to uphold consumer trust and satisfaction while simultaneously supporting continued business evolution? Join real-world hacker and security evangelist Alyssa Miller as she identifies critical issues that have prevented businesses from adequately meeting the standards of security and privacy their customers have come to expect. Likewise, she will use her unique perspective to share a new strategic framework for designing cybersecurity defenses that ensure the protection of all forms of critical assets and enables new growth opportunities.

See publication

Tags: Big Data, Cybersecurity, Privacy

Inside-Out Security: Why We Should Build Castles Instead of Warehouses
CDW Protect SummIT - Philadelphia
August 19, 2019
Medieval castle builders made effective use of simple design principles to defend the most valuable assets inside. Centuries later, we’ve forgotten those valuable lessons as we defend our IT assets. From the moment we began enabling multi-user systems, we’ve approached how we defend our information in all the wrong ways. Join us for this session as we look at a completely different approach to designing security in our systems. We’ll explore new ways to understand what assets are, what threats they face, and how to leverage three basic types of defense mechanisms to effectively protect what we hold most dear. To add context to this new approach, we’ll draw on trends and lessons learned from thousands of security assessments and deployments across a vast portfolio of security technologies. All of this will show why it’s time to defend your crown jewels inside a fortified castle rather than a thinly constructed warehouse.

See publication

Tags: Cybersecurity, Leadership, Management

CDW Protect SummIT - February 2019
CDW Executive Summit Series
February 25, 2019
Delivered keynote on shifting the cyber security mindset from perimeter security strategies that have failed us for 60 years to an asset centric approach referred to as Inside-Out Security. Delivery was to an audience of executive business and security leaders.

See publication

Tags: Big Data, Cybersecurity, Leadership

8 Media Interviews
#115 – Alyssa Miller: We Are Lacking Empathy
Cybersecurity Interviews
February 22, 2021
Alyssa Miller leads the security strategy for S&P Global Ratings as Business Information Security Officer (BISO), connecting corporate security objectives to business initiatives. She blends a unique mix of technical expertise and executive presence to bridge the gap that can often form between security practitioners and business leaders. Her goal is to change how we look at the security of our interconnected way of life and focus attention on defending privacy and cultivating trust.

A native of Milwaukee, Alyssa began her IT career as a programmer for a Wisconsin-based financial software provider. Her security passion quickly shaped her career as she moved into a leadership role within the ethical hacking team, conducting penetration testing and application assessments along with her team.

As a hacker, Alyssa has a passion for security that she evangelizes to business leaders and industry audiences through her work as a cybersecurity professional and through her various public speaking engagements. When not engaged in security research and advocacy, she is also an accomplished soccer referee, guitarist, and photographer.

In this episode, we discuss why she misses conferences, starting with computers at an early age, diversity, equity, and inclusion, the discrimination she has faced, the lack of understanding of privilege, discriminatory hiring practices, how to be an ally, and so much more!

See publication

Tags: Cybersecurity, Leadership, Diversity and Inclusion

Meet the researcher who wants employers to write better infosec help wanted ads
SC Media
September 25, 2020
Spot the problem: A job description posts that requires five years experience on software brought to market last year. Or it calls for expertise on every system developed since the Apollo program.

Dozens of help wanted ads are shared and ridiculed among experienced pros looking for new gigs and novices looking to start careers in an industry notorious for a workforce gap. Alyssa Miller, a security advocate at Snyk and a longtime hacker and researcher, wants to save employers the embarrassment. She’s researching the phenomenon and what to do about it, even soliciting ads that “suck” for study here.

See publication

Tags: Cybersecurity, Leadership

Secure Insights Highlighting Data Breaches And The Best Approach To Handle It
Sennovate
December 27, 2019
Unsure of why #databreach happens so often? Listen to my podcast with Alyssa Miller, Head of Information Security Solutions at CDW emphasizing her insights in data breaches and the way to handle it.

See publication

Tags: Cybersecurity, Management, Leadership

For SMBs, Cybersecurity Challenges Range from the Basic to the Sophisticated
BizTech Magazine
December 01, 2019
System misconfigurations are among the top cyberthreats facing small businesses. The cybersecurity risk that businesses face today is complex, and it demands a response that’s both sophisticated and fundamentally sound. Unfortunately, businesses are struggling on multiple fronts. The start of the new year is a good time to commit to getting it right.

See publication

Tags: Cybersecurity, Risk Management, Startups

From Hacking Toys To Threat Hunter And Soccer Ref
CyberCrime Magazine
October 13, 2019
CyberCrime Magazine published a feature article on Alyssa Miller in October of 2019. In this article, Alyssa discusses her passion for technology, how she got started in security and how her childhood curiosities turned into a lucrative cyber security career.

See publication

Tags: Cybersecurity, Entrepreneurship, Leadership

DtSR Episode 359 - Mind the Diversity Gap
Down The Security Rabbithole
August 20, 2019
This week, in the 2nd of two installments recorded live at Black Hat 2019, Alyssa Miller joins Rafal live to talk about some of the talks she's giving, and takes us back in time.

Highlights from this week's show include...

Rafal and Alyssa discuss the very real problems the lack of diversity in technology creates
A jab is taken at the TSA ...because it's just too easy
Alyssa revisits the 'castle analogy' for InfoSec and why it's so tough to get right
Much more fun... you'll have to listen in!

See publication

Tags: Cybersecurity, HR, Diversity and Inclusion

Earning a Place at the Table, Bringing Security to the Board Room
BrightTalk
August 06, 2019
As cyber security continues to evolve into a business priority, having conversations at the highest levels about how to address security threats becomes crucial. Hear from CDW’s Alyssa Miller as we discuss why it is so important for the CISO to have a place in the board room and ways the CISO can encourage this interaction and improve their effectiveness in working with the Board of Directors.

We’ll discuss common challenges and new ways to address those challenges ensuring the CISO is positioned to become that trusted advisor for the organization.

Join us as we discuss:
- The importance of discussing cyber security strategies at a board level
- What challenges prevent cyber security from being a regular topic for the board
- Approaches that CISOs may employ to help gain visibility with the board and more!

See publication

Tags: Cybersecurity, Leadership, Management

Human Factor Podcast - Episode 102
Human Factor Security
July 19, 2019
Jenny Radcliffe discusses getting started in cyber security, and a whole slew of other topics with Alyssa Miller

See publication

Tags: Cybersecurity, Leadership, Management

2 Panels
CISO's Toolbox: Strategies for Success
Bright Talk
August 06, 2019
What do CISOs need to be successful at their job? Discover the challenges CISOs are facing and the ways they are solving them.

Join security experts as they discuss the strategies, processes and technologies CISOs use to protect their organizations in the age of breaches:
- What keeps CISOs up at night
- Strategies for breach prevention
- Strategies for making the most of AI technology and human talent
- Coping with analyst fatigue
- Threats on the horizon
- Recommendations for strengthening security

See publication

Tags: Cybersecurity, Leadership, Management

Global Security: Combating Cyber Threats
NaplesNEXT
March 18, 2019
At NaplesNEXT Ideas Festival in 2019, Alyssa Miller appeared alongside former CIA Director John Brennan to discuss the state of global Cyber Security. It was a panel discussion moderated by Natasha Bertrand of The Atlantic. Alyssa and Mr. Brennan discussed strategies for cyber security defense as well as the pitfalls of offensive strategies around Cyber Security.

See publication

Tags: Business Strategy, Cybersecurity, Govtech

4 Podcasts
#115 – Alyssa Miller: We Are Lacking Empathy
Cyber Security Interviews
February 22, 2021
Alyssa Miller leads the security strategy for S&P Global Ratings as Business Information Security Officer (BISO), connecting corporate security objectives to business initiatives. She blends a unique mix of technical expertise and executive presence to bridge the gap that can often form between security practitioners and business leaders. Her goal is to change how we look at the security of our interconnected way of life and focus attention on defending privacy and cultivating trust.

See publication

Tags: Cybersecurity, Leadership, Diversity and Inclusion

Hacked Off Podcast | 78 | Alyssa Miller: Threat Modelling & DevSecOps
Soundcloud
October 23, 2020
Application Security Advocate, Alyssa Miller talks passionately about the importance of a collaborative approach to security, where implementing a culture of building efficiently and understand security as you go, can help with getting ahead of the game.

See publication

Tags: Cybersecurity, Innovation, Leadership

Ep. #75, DevSecOps Data with Alanna Brown, Gareth Rushgrove, and Alyssa Miller
Simplecast
September 04, 2020
In episode 75 of The Secure Developer, Guy Podjarny is joined by Alanna Brown, Senior Marketing Director at Puppet and mastermind behind the State of DevOps Report, Gareth Rushgrove, Product Director at Snyk and curator of Devops Weekly, and Alyssa Miller, Application Security Advocate, also at Synk. We often hear a lot of opinions and experiences from people who are working in development, so today we’re turning to the data, to figure out what works and what doesn’t in the world of DevOps and SecDevOps

See publication

Tags: Cybersecurity, Marketing

Alyssa Miller From Snyk on the State of Open Source Security
Jono Bacon
July 14, 2020
Open Source has seen enormous growth in recent years, and this has shone the light on the security of the many different components in open source systems such as NPM, Linux, Kubernetes, Docker, and Debian. How do we ensure that the rapidly growing library of open source, which is often bundled into stacks, is safe and secure?

See publication

Tags: Cybersecurity

7 Speaking Engagements
Transformational Security
Trend Micro
May 12, 2021
Season 2 of #LetsTalkSecurity is headed your way, some more fantastic guests lined up and coming to a screen near you!

Episode 1 streaming live on the Trend Micro feed here, on YouTube, and on Twitter, or on my personal Twitter on the 20th May, featuring the incredible Duchess of Hackington Alyssa Miller

See publication

Tags: Cybersecurity, Management, Leadership

Look! There's a threat model in my DevOps.
Avocado Labs
October 06, 2020
I'm honored to be joining the good folks from Auth0's Avocado Labs next week. I'll be sharing practical methods for bringing Threat Modeling into the #DevSecOps pipeline and using it to enable more efficient delivery.

See publication

Tags: Cybersecurity, Management, Leadership

Putting the Sec in DevOps
RESTCON
August 29, 2020
Putting the Sec in DevOps

See publication

Tags: Cybersecurity, Privacy, Risk Management

Losing Our Reality: How Deepfakes Threaten Businesses and Global Markets
RSA Conference 2020
February 26, 2020
As a result of continuing advancements in AI, deepfake media has become increasingly convincing and easy to produce. Experts have warned of the impact this could have on elections and personal security. However, the threats that deepfakes pose to businesses and global markets are often overlooked. This session will analyze those threats and present defense strategies business must consider.

See publication

Tags: Cybersecurity, Digital Disruption, Emerging Technology

THE DEATH OF TRUST: EXPLORING THE DEEPFAKE THREAT
BSides Vancouver Island
August 26, 2019
Deepfake media is becoming more common and easy to produce and it is expected to have a major impact on public discourse in upcoming elections. The use of Generative Adversarial Networks (GANs) has enabled the creation of incredibly lifelike artificial media. As a result, researchers and commercial organizations are scrambling to develop detection capabilities that can identify even the most convincing fakes.

In this session, we’ll describe the technical application of GANs when generating this media and highlight some of the most recent advances. We’ll also examine how the current limitations of this technology can be exploited by both low-tech and high order machine learning capabilities to detect deepfake media. Building upon limited published research, we’ll analyze the relative effectiveness of these techniques and explore how creators of false content could adapt in order to evade detection.

Additionally, we’ll consider those situations when detection may not always be enough. For instance, when the subject of a video claims it to be a fake or when there are national security concerns requiring us to confirm, with the highest degree of certainty, the veracity of the media. We will evaluate current technologies that seek to provide positive confirmation of digital media authenticity. Finally, we will propose further potential solutions and scrutinize their feasibility in helping maintain a high level of trust in digital media.

See publication

Tags: Cybersecurity, Emerging Technology, Leadership

Inside Out Security - Building Castles not Warehouses
Circle City Con
June 02, 2019
Medieval castle builders made effective use of simple design principles to defend the most valuable assets in their castles. Centuries later there are clearly lessons we’ve forgotten that could help when it comes to how we defend our IT assets. From the moment we started to enable multi-user systems, we’ve gone about defending our information in all the wrong ways. In this session we’ll look at a completely different approach to designing security into our systems. We’ll look at new ways to understand what assets are, what threats those assets face, and how to leverage three basic types of defense mechanisms to effectively protect what we hold most dear. Ultimately you’ll learn how to bring technology and offensive security practices together into a cohesive defense approach that works. It’s time to defend your crown jewels inside a fortified castle rather than a thinly constructed warehouse.

See publication

Tags: Cybersecurity, Leadership, Management

Breaking and Entering: A Hacker’s Guide to Restoring Consumer Trust
SIM Connect Live
May 16, 2019
As organizations seek to better monetize their business capabilities, requirements for data and privacy protection can seem inhibitive. How can technology be applied to uphold consumer trust and satisfaction while simultaneously supporting continued business evolution? Join real-world hacker and security evangelist Alyssa Miller as she identifies critical issues that have prevented businesses from adequately meeting the standards of security and privacy their customers have come to expect. Likewise, she will use her unique perspective to share a new strategic framework for designing cybersecurity defenses that ensure the protection of all forms of critical assets and enables new growth opportunities.

See publication

Tags: Big Data, Cybersecurity, Privacy

4 Webinars
How to WOW Submission Reviewers with a Stellar Proposal
RSA Conference
May 12, 2021
Join Women in CyberSecurity (WiCyS) and #RSAC June 9 at 2 PM ET for an honest discussion with #cybersecurity industry influencers sharing their stories of how they transformed every "no" into a "YES" to help you learn how to hone your expertise, experience and knowledge and create the most stellar of conference speaking proposals.
Speakers:
Diana Kelley
Alyssa Miller
Chloé Messdaghi
Tennisha Virginia M.

So you want to showcase your skills and speak at a technical conference? Great. Your voice matters. Conference organizers highly value new voices, and they are always on the lookout for ways to bring more talent to the stage. The good news is that there are opportunities abound and by submitting to conferences, you're honing in on your expertise, experience and knowledge, creating the most stellar of proposals. Join us for an honest discussion of cybersecurity industry influencers who weren't always used to being accepted when they initially submitted for speaking opportunities. They will share their stories of how they transformed every "no" into a "YES"!

See publication

Tags: Cybersecurity, Social, Leadership

How The Most Successful Cyber Leaders Get Support for Security
Battleship
January 28, 2021
In this Buy-In Blueprint webinar, Dan Blum, author of Rational Cybersecurity For Business, moderates a discussion on top tips and strategies to get buy-in for cybersecurity initiatives.

The panel features Alyssa Miller (BISO at S&P Ratings), Joel Fulton (CEO at Lucidum & Former CISO at Splunk), and Michael Charland (Global ISO at Hartford Steam Boiler).

They will discuss examples of strategies successful CISOs use to get support from the business and field questions from the audience.

At the end of the webinar, attendees will take away a Cybersecurity Business Alignment Cheat Sheet.

Join us to learn new strategies to build better relationships with your business leader counterparts and enable the security team to be perceived as a business partner.

This webinar will provide plentiful guidance on improving relationships, communications, and practices in pursuit of better cybersecurity-business alignment.

See publication

Tags: Cybersecurity, Leadership, Privacy

Look! There's a threat model in my DevOps.
Avocado Labs
October 13, 2020
You can't threat model in a CI/CD DevOps environment!!" This is a common belief among developers and security professionals alike. With frameworks like STRIDE, DREAD, PASTA, etc. threat modeling is typically viewed as a heavy-weight, time-consuming exercise that is simply not compatible with high-paced development paradigms. As a result, organizations that employ these paradigms commonly scratch threat modeling off their Secure SDLC checklist as simply impossible to implement without breaking their DevOps model. They lose sight of the core purpose of threat modeling and as a result are unable to tailor an approach that fits their development lifecycle.

In this session, we’ll turn those misconceptions about Threat Modeling upside down. We’ll go back to the core purpose of threat modeling. We’ll discuss what components of threat modeling are most crucial, what questions we should be asking and who should be answering them. Ultimately, this will all culminate into presentation of an alternative approach to Threat Modeling. We’ll walk through the details of how to implement this backlog-based approach in any development paradigm and demonstrate that it can be done without affecting our development timelines.

See publication

Tags: Cybersecurity, Management, Leadership

A Day In The Life of a Pentester
BugCrowd
August 01, 2019
In this discussion hosted by Phillip Wylie of Bug Crowd, Alyssa Miller, Bryan McAninch and Wirefall discuss various aspects of Penetration Testing to help both beginning pen testers as well as business leaders understand the strategies and methodologies involved.

See publication

Tags: Cybersecurity, Privacy, Risk Management

Radar

Blog

Opportunities

1 Keynote
Open: Cyber Security/Privacy Related Content

Location: Any City    Date Available: January 01st, 2020    Fees: 3,500 + Travel Expenses

Submission Date: January 03rd, 2020    Service Type: Service Offered

Alyssa is able to deliver engaging keynotes on a variety of Cyber Security related content. Everything from high level future analysis to detailed strategy discussions to addressing organizational issues such as talent or diversity challenges. Alyssa is an experienced speaker addressing audiences ranging from executive to extremely technical. She brings a unique mix of executive presence and technical acumen to craft a message that will resonate with your audience. Her speaking engagements span all manner of industry, thought leadership and entrepreneurial events.

Respond to this opportunity

Contact Alyssa Miller

Media Kit

Share Profile

Contact Info

  Profile

Alyssa Miller