Building Information Security Program from Scratch

LASCON via YouTube

Overview

Discover how to build an information security program from the ground up in this 41-minute LASCON conference talk. Learn valuable insights on secure development, risk management, and fostering a security-focused culture within organizations. Explore the importance of teaching coding ethics to children, leveraging compliance for educational opportunities, and using metrics to demonstrate improvements. Gain practical advice on communicating technical security issues to business executives, prioritizing security concerns through risk management, and hiring passionate security professionals. Embrace the speaker's enthusiasm for information security and learn how to inspire others to share in that passion.

Syllabus

Intro
Take every opportunity you get to learn new things, but stay away from the dark side.
Kids should learn to code at an early age. We need to be teaching them morals and ethics from the start. Secure development needs to be a part of every curriculum and reflected in grading.
(Courtesy of NBU) It takes a really shitty manager to show you the traits that make a really good one.
(Courtesy of Bearing Point) When the shit-storm hits and your manager holds an umbrella over your head, the poo still needs to land somewhere.
(Courtesy of KITS) Military contracts don't care about
(Courtesy of LoopOne) "IT Manager" when you have nobody to manage is another way to say "scapegoat".
When opportunity comes knocking, don't just stand there...open the damn door!
You can talk all you want about improvements, but it doesn't mean s#!t if you can't prove it with metrics. Metrics! Metrics! Metrics!
All the knowledge in your head is worthless until you use it to help others.
Compliance and security go hand-in-hand. Use it as an opportunity to educate. Be the carrot, not the stick.
Ask about their requirements before you start talking about security.
When evaluating security issues, risk management is how we help to justify what to work on first.
Risk management is how we communicate technical security issues with the business and executives.
Once you develop an appetite for security, the hunger will grow and people will want more information sooner.
Hire people that eat, sleep, and breathe security. They're the ones who are in it because they love it, not because it's a means to a paycheck.
InfoSec is fun. Be passionate about what you do. Show others your passion and they will share in it with you.

Taught by

LASCON
