Have you ever made poor security decisions? Have you thought a decision was a good one only to find out later that it wasn't? Do you feel like you don’t have enough control to make good decisions, or maybe you don’t recognize what a good decision is? If you answered yes to any of these, then read on, adventurer! Whether working with users, managers, auditors, vendors, or anyone else, questions about how you make decisions can be difficult to answer. It’s common for security decision making in large or small enterprises to be done in a vacuum. Decisions are made without proper business context, or without adequate direction or sponsorship. This talk aims to put context around security decision making, whether it's related to internal processes, budget and spending, and/or dealing with vendors. The audience will get an understanding of the right questions to ask at all levels of an organization to get the right inputs and make sure their decisions are based on solid, defensible principles. The end result is an overall reduction of risk, better basis for decision making and better decision options to present.

Joel Cardella has over 25 years of experience in information technology, having run a gamut from network operations, sales support, data center management, field operations and information security. He has worked in industries including telecommunications, healthcare and manufacturing. Prior to Rapid7 he held the role of Regional Security Officer for North America for a multinational manufacturing company.

Back to Converge 2017 video list