Discover how to implement a "Not My Responsibility" mindset in security engineering through this 41-minute LASCON conference talk. Explore strategies for shifting responsibility to the business, improving accountability, reducing friction, and preventing burnout among security engineers. Learn about risk management, operational vs. strategic risk, effective communication, and the importance of risk-based approaches. Gain insights into risk ownership, mitigations, and the benefits of consistent documentation. Understand the role of Governance, Risk, and Compliance (GRC) in security practices and how this mindset shift can lead to more effective security improvements within organizations.
Learning the Power of the -Not My Responsibility- Mindset
Overview
Syllabus
Intro
Example
The Problem
Why Risk Management
Operational vs Strategic Risk
Risk
Expect
Impact
Communication
Riskbased approach
Risk ownership
Mitigations
What this does right
Important note
Accountability
Risk Management
GRC
What do we do
What do we get
Consistent documentation
Taught by
LASCON
