Blake Bommelje

Blake Bommelje

Security Architect / Information Security Officer
Novant Health

Biography

Blake started his career in DC after graduating UNC Charlotte and has worked for the likes of DHS, FBI, Pearl Harbor Naval Shipyard, and GlaxoSmithKline, all over the world in designing and implementing cybersecurity strategies for their organization. Currently back in his hometown, Blake is an Information Security Architect for the Cybersecurity Program at Novant Health where they are working to align the healthcare critical infrastructure to the NIST Cybersecurity Framework. His passions include bringing an understanding of cybersecurity to the individual and working to improve the overall cybersecurity landscape.

Presentation Title

The Continued Prevalence of People and Processes Over Technology

Presentation Overview

Cybersecurity programs rely on the three legged stool of People, Processes, and Technology. This is the paradigm on which we establish capabilities and deliver on our programs. Sadly, we live in a world where organizations are typically on a three year technology cycle, changing security tools just as one reaches maturation within the organization. As contracts expire, new vendors provide similar products at reduced rates and companies often switch because it looks better for the bottom line.

However, technologies are never problem solvers on their own – in order for a technology to effectively and efficiently add to the overall security posture of an environment, the technology selection and implementation must be driven by a strategy rooted in the support of people and process. In this presentation, we will walk through the case study of a major oil company who attempted to implement Data Loss Prevention technology without consideration of the supporting people or processes and the lessons learned. This will be contrasted against the Federal Government, which places a focus on people and process first, allowing for effective use of technology as a key enabler for cybersecurity capabilities within the context of a larger program. Both of these case studies are providing lessons learned for Novant Health as we continue to grow a people-first Cybersecurity Program.