Kyle Lewis, vice president of cybersecurity strategy for InCommon Catalyst RDCT, will be our featured speaker for “How to Sirtfi – Going Beyond the Federation Security Checkbox” as part of IAM Online on Wednesday, July 19 at 1 p.m. ET with David Bantz, chair of the InCommon Community Trust and Assurance Board (CTAB), serving as moderator.
Kyle and David serve as co-chairs of the InCommon Sirtfi Exercise Planning Working Group (SEPWG). One of the SEPWG’s goals is to inform the community about how to institutionalize Sirtfi’s practice in InCommon participants’ security teams. It’s more than publishing a security contact and checking the metadata box. It requires that security teams be familiar with federation and Sirtfi expectations, yet in many organizations the security teams are not integrated with the identity and access management (IAM) teams, which are more used to dealing with InCommon and federation.
Kyle, who coordinated InCommon’s first-ever cybersecurity exercise last year, gave us a preview of some of the insights he’ll share during IAM Online.
Why is it important to institutionalize Sirtfi’s practice among InCommon participants’ security teams?
Each member of the InCommon federation is trusting the other members of the federation to live up to baseline expectations, which include being able to operate within the Sirtfi security framework. If an institution has checked the metadata button for Sirtfi but not updated any internal procedures, nor trained their security contacts on what InCommon is, what a Sirtfi request is, and how to honor the Traffic Light Protocol, the Sirtfi assertion loses its trust value.