Let’s face it; it’s not easy to run a security governance program. With the continuing pressure of keeping our information secure and breach-free while management doesn’t see the need of increasing budget if there isn’t an incident occurring or compliance need. So how does someone in the trenches measure, monitor, and communicate this to ensure that you get the buy-in needed - or at least get the acceptance from management on the risk. It’s something that everyone in a security leadership position struggles with. Through this talk, we will be discussing some of the key points in implementing, managing, and creating oversight to communicate both internally to the security team and externally with the company. And don’t worry, the points we will be discussing will be applicable across the board - from small businesses to Fortune 100s. Also, we will be releasing some helpful tools in aiding your quest to the nirvana of a simple security governance program. You don't want to miss it!

Justin Leapline has over twenty years of experience involving system administration, software development, and information security. His core skills include regulatory and contractual compliance within the information security realm, security program management, and general governance practices and frameworks. Before joining TrustedSec, Justin consulted with numerous Fortune 1000 companies in the areas of information systems, audit, governance and information security. He has also led the governance and security practices for leading eCommerce and large financial services companies. Rockie Brockway serves TrustedSec as the Practice Lead of the Office of the CSO. With over two decades of experience designing, building and managing systems and networks; auditing and enforcing network security and policy; incident response; pen-testing; adversarial simulation; assessing vulnerabilities and threats; and analyzing business impact and risk, Rockie teams with organizations to understand the value and location of business critical data in an effort to further enable organizational innovation, achieve business outcomes and to protect the brand.

Justin - @jmleapline, Rockie - @rockiebrockway

Back to Derbycon 2017 video list