In this talk, we’ll dive into improving your organization’s security posture without compromising business needs/requirements, and why the most secure path is sometimes the one that feels the hardest.

Key discussion points:
- Security testing and vulnerability/patch management without affecting user experience, developer deadlines, business requirements, and more.
- Building cross-functional collaboration between security, IT, and business teams to ensure security procedures are in place, as well as disaster recovery and business continuity plans.
- Metrics for assessing security program effectiveness and how effectively communicating those across departments leads to shared accountability for the organization’s security posture.
- Continuous exercises and best practices for implementing security across an organization (i.e. tabletop, application penetration testing, ‘DevSecOps’).
- Lessons learned from managing information security organizations that can help others shape their security strategies. Tips for communicating with business and non-technical stakeholders, especially on critical security issues.