Many organizations continue to view cybersecurity as a technology problem, “owned” by the Information Technology department. However, doing business connected to the Internet can create non-technical problems: legal, regulatory, financial, logistical, brand or reputational, even health or public safety problems. Increasingly, organizations are treating cybersecurity and cyber threats in a broader manner, viewing cyber as a risk to be managed, and owned ultimately by the most senior ranks of corporate governance. Regulators and Boards are increasingly emphasizing this approach to cybersecurity as well. However, organizations continue to face challenges as they try to translate, measure, manage, and report a risk that is highly technical, and still somewhat foreign to many risk managers and board directors.
Neal Pollard is partner at Ernst & Young, based in New York City and Zurich. He leads cybersecurity consulting services for global financial services clients. Prior to EY, Neal was Managing Director and Group Chief Information Security Officer at UBS AG, leading their global cybersecurity program. Before joining the private sector, Neal was an intelligence officer in the U.S. counterterrorism community, serving managerial and operational assignments at the National Counterterrorism Center and the CIA. He was also General Counsel and Board Director of the Terrorism Research Center, a corporation he co-founded in 1996.
Jon Williams is a Senior Outbound Product Manager for ServiceNow working in the Security Operations product line. Jon has over 13 years of experience in Cyber Security and Cyber Security products and has served in multiple roles within the industry. Jon has been at ServiceNow for 5 years now and prior to that spent 8 years in the United States Air Force. While in the Air Force he served as both a Signals Intelligence Analyst and Cyber Security Intelligence Analyst at the National Security Agency (NSA). During his tenure as a Cyber Security analyst he worked in the Threat Operations Center, the NSA’s own Security Operations Center (SOC).
