Explore strategies for building sustainable security programs in this 44-minute keynote address from BSidesSF 2022. Delve into the challenges faced by information security professionals, including burnout, constant firefighting, and evolving threat landscapes. Learn how to disrupt security cynicism, discourage heroics, and foster an environment of empathy and collaboration. Discover techniques for aligning security with business enablement, understanding threat models, and balancing proactive and reactive security controls. Gain insights on risk prioritization, strategic investments, and creating shared guiding principles to build a more resilient and effective security program.
Overview
Syllabus
Intro
INFORMATION SECURITY BURNOUT
CONSTANT FIREFIGHTING
PERSONAL RESPONSIBILITY
ONGOING CONFLICT WITH STAKEHOLDERS
CHANGING THREAT LANDSCAPE
Disrupt Security Cynicism
Discourage Heroics and Celebrate Long-term Wins
Build Additive Teams
Environment of Empathy and Collaboration
Business Enablement and Customer Service
Help Security Engineers think about Risk
Understand your Threat model and why Security matters
Be rigorous about Risk Outcomes
Strategic vs Operational Investments
Leverage Points and Efficiency
Minimize Impact to Critical Data Assets
Overall Security Assurance Balance of Proactive and Reactive Security Controls
Risk Appetite for Senior Leadership
Shared Guiding Principles
Taught by
Security BSides San Francisco
