Presented by Matthew Ziegler, Director of Advisory and Success, MBA, CISSP, CISA • Novacoast
Too often, organizations see governance and compliance as a means to an end: passing an audit, gaining a certification, or filing a report. In reality, these are just the start of the information security journey. In this session, we’ll explore how leaders can move beyond “checkbox compliance” by aligning governance with real-world risk, embedding security into culture, and using frameworks like PCI DSS, ISO 27001, NIST CSF 2.0, and CMMC as foundations for continuous improvement rather than static achievements. Drawing on real-world experience leading global SOCs, audits, and board-level risk programs, I’ll share strategies for shifting from a compliance-driven posture to a resilience-focused one, and for communicating those strategies to executives, regulators, and staff.