Security Architecture 101

George Pajari

This is a fast-paced review of the main topics in information security architecture by the author of the Security Architecture and Engineering section of the forthcoming 5th Edition of the Official (ISC)² Guide to the CISSP CBK (Common Book of Knowledge) to be published later this year.

The presentation covers Domain 3 of the (ISC)² CISSP Exam Outline (

How to Survive a SOC 2 Audit (and Why You Ought to Try)

A SOC 2 information security audit report is considered by many (especially many customers of cloud service providers) to be the gold standard in cybersecurity attestation. Whether or not you agree, there is no doubt that for SaaS companies trying to sell into the enterprise space, a clean SOC 2 report can greatly accelerate sales and decrease the effort of going through your customers' third-party risk assessment process.

This talk will explain why you ought to consider obtaining a SOC 2 audit, what is involved in preparing for a SOC 2 audit, and how to go through the process with a minimum of grief and pain, by a person who has been there and lived to tell the tale.

Speakers Bio: George Pajari is a “CISO-for-hire”, providing cybersecurity leadership to SaaS cloud startups ( He was previously the Chief Information Security Officer (CISO) of Hootsuite, the most widely used social media management platform with over 15 million users including more than 800 of the Fortune 1000 companies. He was responsible for information security, IS risk management, and IT general controls. Prior to that he was the Security Architect at Hootsuite, and before that, Manager of Network Operations for Glentel's national digital radio service.

He is a member of the BC Government's Provincial Security Advisory Council, a member of the Vancouver (ISC)² Chapter executive, and one of the organisers of the Vancouver BSides security conference. He has been invited by the (ISC)² to write the Security Architecture and Engineering section for the next edition of the Official (ISC)² Guide to the CISSP CBK (Common Book of Knowledge), to be published by John Wiley in 2019.

George's professional certifications include the CISSP-ISSAP, CISM, and CIPP/E. He is learning to play the bagpipes and his paper on a new device for improving piping skills will appear in a forthcoming issue of Piping Times.