June Chapter Meeting - Panel Discussion

For the June ISC2 Oregon Chapter meeting, we hosted a panel discussion to explore pressing cybersecurity challenges, the importance of cultivating a strong security culture, and strategies for effective business continuity and incident response. Ed Fulford opened the chapter meeting with acknowledgments of our volunteer and subcommittee contributions and an update on the chapter’s financial and legal structuring, led by Dennis Miller.

Key Themes and Insights

Cybersecurity Threat Landscape:Panelists—including Shane Perry (Oregon PERS), Payam Dongani (WA State AG’s Office), Anthony Tevs (Comscore), and moderator Abrar Ahmed —highlighted the growing threat of compromised credentials, phishing, and AI-driven attacks. Payam shared that the Washington AG’s office processes up to 3 million emails monthly, with credential compromise topping the 2024 breach report.

End-User Risk and Security Culture:End-users remain the primary risk vector. Despite reduced phishing click-through rates (now at 2%), many staff still resist taking ownership of security. Shane Perry described a controversial policy allowing termination after six failed phishing simulations, which has faced union opposition. Panelists emphasized the need for shared responsibility and a common language around security.

Building a Security Culture:The group discussed the value of open communication, citing a real-world incident where a tech bug led to early inmate release and subsequent tragedy. A “security champions” program was proposed to embed security advocates within business units. Executive support was deemed essential for cultural change, and mandatory training—backed by incentives—was shown to improve engagement.

Ransomware and Disaster Recovery:Ransomware threats are evolving, with some groups now deleting data instead of demanding ransom. The panel recommended multi-layered backup strategies, including backing up Microsoft 365 and Azure-based infrastructure and periodic restore testing.

Incident Response and Business Continuity:The panel discussed the need to develop business continuity and incident response plans and refining them by performing periodic tabletop exercises and trainings. The need for cultural buy-in and clear escalation protocols was underscored.

Organizational Updates and Next Steps:Dennis Miller reported progress on nonprofit registration, including plans to secure a federal ID, open a bank account, and finalize financial policies. Two upcoming meetings are scheduled for August and October, with potential events including a volunteer day with the Northeast Emergency Food Program. Members are encouraged to provide input and use Slack or email to communicate with leadership.

Membership CPE Submission:

One final note, the CPE submission for those members who attended, and have an ISC2 membership ID on file with the chapter, have been submitted and should be available on your respective ISC2 membership portals.