Conformity Assessment Meets Cybersecurity | FIRST & AfricaCERT Symposium 2025 - Taher Amine ELHOUARI
Author: Taher Amine ELHOUARI
Uploaded: 2025-12-03
Views: 32
🎙️ Conformity Assessment Meets Cybersecurity: Building a Common Language Between Auditors and Analysts
Taher Amine ELHOUARI – LIVE at the 2025 FIRST & AfricaCERT Symposium | Mauritius 🇲🇺
🌐 Event Website: https://www.first.org/events/symposiu...
🌐 Event Program: https://www.first.org/events/symposiu...
In this recorded session from the 2025 FIRST & AfricaCERT Africa & Arab Regions Symposium, I explore one of the most critical challenges facing cybersecurity and assurance today: Why do audits say “everything is compliant” while security teams still struggle to contain attacks?
The answer lies in the assurance gap between:
Conformity assessment & certification audits, and
Real-world SOC operations & incident response teams.
This talk introduces a shared language and operational bridge between auditors, assessors, regulators, SOC analysts, and CSIRT teams — transforming compliance from a periodic checkbox into a model of continuous, evidence-driven cyber assurance.
🎯 Session Focus: During the presentation, we connect international standards and operational security practice, including:
🔹 ISO & Assurance Standards:
ISO/IEC 17021 & ISO/IEC 27006 – accreditation/certification (conformity assessment)
ISO/IEC 27007 & ISO/IEC TS 27008 – audit & control assessment methodologies
ISO/IEC 19011 – audit guidelines
ISO/IEC 27035 – incident management lifecycle
🔹 Operational & Community Frameworks:
OWASP ASVS & SAMM – practical security assurance models
CSA CCM & STAR – continuous cloud security assurance
AfricaCERT 3CF – Africa’s Common Cybersecurity Controls Framework
🧩 Topics Covered:
✅ Translating SOC telemetry into audit evidence
✅ Applying ISO 27008 to measure real control effectiveness
✅ Mapping detection metrics and IR tickets to ISO clauses
✅ Linking SOC maturity to certification readiness
✅ Applying ISO 19011 principles inside operational environments
✅ Designing continuous assurance models to replace static audits
✅ Integrating AfricaCERT 3CF for regional cyber maturity benchmarking
🌍 Why This Matters: Attacks evolve daily — audits happen once per year. Cyber assurance must evolve too. This session demonstrates how:
Security operations can become self-auditing environments
Audits can become continuous validation mechanisms
Evidence becomes a shared asset across governance and operations
Certification reflects real capability, not just documentation
🇩🇿 Representing Algeria on the Global Stage: I was deeply honored to be selected as the only Algerian speaker featured in the official plenary program of the FIRST & AfricaCERT Symposium 2025, representing Algeria alongside national and international CSIRTs, regulators, and security leaders from across Africa, the Arab region, Europe, and beyond.
This participation reflects the growing cybersecurity ecosystem emerging in Algeria through community leadership and professional initiatives including: OWASP Algiers; CSA Algeria; CAS Algeria; EKSec Group; AfricaCERT.
🧭 About the Speaker: Taher Amine ELHOUARI:
Independent Information Security Consultant
Global Cybersecurity Advisor | Accredited Auditor | Certified Trainer
Founder & CEO – EKSec Group
Founding President – OWASP, CSA & CAS Algeria Chapters
AfricaCERT Professional Member (SME)
FIRST/AfricaCERT Program & Planning Committee Member
🤝 Let’s Stay Connected: Feel free to connect with me for knowledge exchange, collaboration, training, or advisory discussions:
🌐 Website: https://www.TaherAmine.org
📩 Email: [email protected]
💼 LinkedIn: / mrtaheramine
🔔 Don’t forget to:
✅ Subscribe if you value real-world cybersecurity insights
👍 Like the video if it was useful
💬 Leave your questions or feedback in the comments — I personally engage with the community.