Speaker

Michael Brown

Security & Compliance Director

Tamarac, Florida, United States

Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, is an information security professional and leader with years of experience in IT and information security/cybersecurity. As a security consultant and advisor, he worked with clients in the healthcare, financial, manufacturing, and other sectors to assess their security programs and to improve and mature their security posture. He is now Security and Compliance Director for FRG Systems, responsible for their HITRUST and SOC compliance. He is experienced with a variety of security regulations, frameworks, and standards. A seasoned speaker and presenter, he has presented at SFISSA, BSides Tampa, BSides St. Pete, BSides Orlando, HackMiamiCon, and ISSA International. He is an ISSA Fellow, Secretary of the South Florida Chapter of ISSA, and a past president of that chapter.

Area of Expertise

  • Information & Communications Technology

Topics

  • cybersecurity
  • Cybersecurity Governance and Risk Management
  • Cybersecurity Strategy
  • Cybersecurity Compliance and Auditing
  • chief information security officer
  • Information Security Governance and Risk
  • NIST Cybersecurity Framework

IT Security Certifications

Whether you are an experienced InfoSec professional or just getting into the field, you will be confronted by a wide range of InfoSec certifications: Security+, CISSP, CISA, CEH, GSEC, and so on. What are these certifications? What does it take to obtain them and keep them? Which ones should I focus on? And, just as important, do I really need to obtain one for my career?

In this presentation, we will go over the basics of certifications: why they exist, how they are obtained, and how they are maintained, and hopefully dispel some myths along the way. We will look at the InfoSec certifications from the five main certifying bodies: CompTIA, ISC2, ISACA, EC-Council, and SANS/GIAC. We will also look at several related certifications that InfoSec professionals may wish to pursue. Just as important, we will take a look at which certifications matter most based on your career focus.

At the end of the presentation, attendees should have a better understanding of certifications and a good idea as to which ones they may want to pursue.

I created this talk almost 10 years ago, as I found that local infosec professionals were confused about certifications and how they work. I have kept this talk up to date and usually give it about once a year.

The new update to ISO/IEC 27001 for the 2020s

Most information security professionals have heard of the ISO/IEC 27000 series of documents, in particular 27001 and 27002. These documents are at the heart of defining an Information Security Management System (ISMS) of people, process, and technology to secure organizations. Many organizations are assessed against them, and some are certified against 27001.

But frameworks are never static. We have seen many of them updated recently: PCI DSS 4.0.1, CIS Critical Security Controls 8.1, and NIST CSF 2.0 all came out in 2024, with the NIST Privacy Framework update expected in Q4 of 2025. There has been ongoing activity within the 27000 series, both to add new documents to the series and to review and update existing ones.
In 2022 the two main documents in the series, 27001 and 27002, were updated, along with 27005. Updates of other documents have been coming out, with more on their way.

The 2022 update of 27002 reorganizes the controls into four themes (organizational, people, physical, and technological), merging many of the previous controls and adding new ones. This reorganization may be the biggest change, especially with the addition of attributes that tag each control. It will have a major impact on anyone pursuing ISO 27001 certification. And what further changes can we expect in the overall series?
At the end, participants will have a better understanding of the 2022 updates and of what is coming for the series overall.

  • Overview and background
  • The main 27000 documents: 27001, 27002, 27005
  • 27002, new and old
  • What comes next for the series
  • Resources and further reading

IT Security Certifications (Updated for 2023)

Whether you are an experienced InfoSec professional or just getting into the field, you will be confronted by a wide range of InfoSec certifications: Security+, CISSP, CISA, CEH, CC, and so on. What are these certifications? What does it take to obtain them and keep them? Which ones should I focus on? And, just as important, do I really need to obtain one for my career?

In this presentation, we will go over the basics of certifications: why they exist, how they are obtained, and how they are maintained. We will look at the InfoSec certifications from the five main certifying bodies: CompTIA, ISC2, ISACA, EC-Council, and SANS/GIAC. We will also look at several related certifications that InfoSec professionals may wish to pursue. Just as important, we will take a look at which certifications matter most based on your career focus.

At the end of the presentation, attendees should have a better understanding of certifications and a good idea as to which ones they may want to pursue.

This presentation has been updated for 2023, as there are several new certifications. The author himself holds several certifications from several organizations and thus has first-hand experience in obtaining and maintaining them.

Conducting Security Assessments: Lessons for Those Being Assessed and Those Wanting to Do It

More and more companies are faced with having a third party come in and conduct a security assessment of their company's security program. These assessments can be against a variety of frameworks, standards, and regulations.
But what does this entail? How does it work for those being assessed?
And what if this is a field you want to pursue in our industry? What is it like to be the assessor?
This session will go over what security assessments are from both sides. The target audience is likewise those on both sides of the assessment.

BSides SWFL 2025

November 2025 Fort Myers, Florida, United States

BSides St. Pete 2025

October 2025 St. Petersburg, Florida, United States

BSides Orlando 2025

September 2025 Orlando, Florida, United States
