COMMON POWERUp 2026

A primer for business professionals on Information and Cyber Security (a.k.a “a crash course on security from a security nerd”) This hour session is intended as a fast-paced background primer for the business or IT profession who wants to understand the big picture of “security” (everything outside the IBM i server). Terms, roles and why it’s important to the businesses to understand and address on an ongoing basis. Definitions of “information” and “cyber” security Explanation of threats. External attackers and Internal threats. (Threats are constantly evolving. Addressing them is never “once and done.”) Definition of security roles: CISO, Security Analyst, Incident Response Analysts, Security compliance auditor, security reviewer, Network Engineer, Firewall engineer and help desk. Vectors of attack - phishing (general), phishing (specific or “spear phishing”) and their respective probabilities BEC (Business Email Compromise) SOC reports - what are they? What is a SIEM? Why is it important? Supply chain - being on the receiving end of security reviews as well as assessing your suppliers security Security tools - firewalls, EDR (End point Detection and Response), email filtering, SIEM, DNS protection, name server for Domain, Active Directory, Access Controls Identity Access Management - User IDs for everything, passwords, Single Sign-On Compliance vs. Security (“check the box” vs. a program of continuous improvement) Table top exercises - what they are and why they are important Physical security - don’t forget this detail. Why hack the organization if all you need to do is to steal a backup tape? Recommendation - Develop a program of continuous improvement (Work to keep ahead of the bad guys - or at least not be low hanging fruit)

Learning Objectives:

Provide a big picture understanding for the IT or business professional on the security topic. Help them communicate with and understand us “Security Nerds.”