Presented at
44CON 2019,
Sept. 12, 2019, 1:30 p.m.
(59 minutes).
Security research teams are one of the important partners in any security organization and are usually found through an external company or through an internal group. Such teams are needed to secure your products, your network, and your business resources.
Managing and measuring such intangibles as “Security research” is a difficult problem, mainly revolving around the need to discover and fix issues before they reach the field and cause actual harm. Measuring or defining KPI for such teams is problematic as research has no firm boundaries or guarantees.
Access to such talent is crucial in today’s world and many companies are looking into hiring and growing such internal teams. Hiring security research talent, retaining and helping them to provide high business ROI is very difficult.
Over my career, I helped build and grow security research teams in large corporates and in start-up environments, and I will share some of my experience and advice for managing such teams.
In this talk, I will cover some basic lay of the land, some KPI that can be used to measure success and advice on how to retain and guide such teams.
Presenters:
-
Guy Barnhart-Magen
BSidesTLV chairman and CTF lead, Public speaker, and recipient of the Cisco “black belt” security ninja honor – Cisco’s highest cyber security advocate rank
With nearly 20 years of experience in the cyber-security industry, Guy held various positions in both corporates and start-ups
He is currently a Cyber Security Consultant, focusing on OS and Services Hardening, Cryptography, AI Security, and Reverse Engineering.
Links:
Similar Presentations: