ISSA October Meeting

October Meeting

The next meeting is on Tuesday October 6th. We will have 2 presenters for our lunch meetings. Registration is at 10:30 am and meeting starts at 11:00 am.

The first presenter, Ann McIver McHoes, a consultant based in Pittsburgh and author of two books on computer operating systems. For several years she served as Membership Director for this ISSA chapter and has had the pleasure of working with numerous organizations on systems issues, including Federal Home Loan Bank of Pittsburgh, PNC Financial, and Westinghouse, will present ‘Crafting Effective Security Messages for the C-Suite’. Why is it so difficult to convey security awareness issues to executive officers? It turns out that the culture of the C-suite is different from that elsewhere, so effective messages need to be vibrant, current, and brief. We can make our voices heard there, but it takes strategic thinking and innovative messaging, which we’ll explore during this presentation. Along the way we’ll also touch on security awareness messages for other user groups with system access, such as contractors, interns, employees, and suppliers.

We’ll take a break around noon to grab some lunch then from his successful engagement at DerbyCon; Ryan Voloch, Information Security Engineer at EDMC, will present ‘Simplified SIEM Use Case Management’. Go from zero to hero by using this simple SIEM use case management framework.  The basics of SIEM use case management will be reviewed.   We will go into depth on how to do it in a simple and practical way.  We’ll review an example use case database schema and review sample management reports that can assist you to build or mature your SIEM program.

Ryan has extensive experience in developing and maturing IT Security Operations for large enterprises, using technologies such as Security Information & Event Management (SIEM), Data Loss Prevention, File Integrity, and Intrusion Prevention Systems.   He has successfully procured, implemented, managed and matured over 10 enterprise security solutions.  Currently, Ryan supports Security Operations for Education Management Corporation’s central services and 100+ colleges.  Ryan has considerable experience with Incident Response, Risk Management and Vulnerability Management programs.  He has performed more than 80 security assessments of internal and 3rd party systems to identify information security and continuity risks.  One of Ryan’s passions is process development and efficiency.

Ryan started his career with a PCI level 1 merchant retailer and was heavily involved working with IT to design and develop solutions for attaining PCI compliance.  Ryan is a graduate of Rochester Institute of Technology, a CISSP and is a GIAC Certified Incident Handler.

After the second presenter there will be a drawing for $50 AMEX gift card. The winner must be present to claim the prize or we will redraw.

There will be 2 CPE given to attendees of the lunch meetings.

Registration will begin at 10:30 am, first presentation starts at 11:00 am.

Meeting location: The Gulf Tower; Gulf Theater. 707 Grant Street on the 3rd floor.

Cost: $10 for members of AITP, ARMA, InfraGard, ISACA, ISC2, ISSA, OWASP, Steel City InfoSec and TRCPA with advance registration $15 for non-members with advance registration $5 for students with advance registration

To register in advance for this meeting contact Mike Sotace at or phone (412) 995-7342.

Deadline for advance registration is Friday October 1st, there is an extra $5.00 charge for registration after this date.


Mike Sotace, CBCP, CISSP
Security Analyst III
Education Management Corp.
210 Sixth Ave.
Pittsburgh Pa. 15222
(412) 995-7342