Grim Trigger

Presented at DerbyCon 3.0 All in the Family (2013), Sept. 28, 2013, 1 p.m. (25 minutes)

There is almost nothing more frightening than a audit. Someone is going to look at what you do, how you do it, and why you do it and tell you if you are doing it “right” or “wrong”. Not only will the audit potentially find areas of improvement, it is going to take your time away from getting the everyday work done. When all is said and done you may have a list of things the auditors want you to “fix” and you may not know what is really required of you. More importantly, you may not know when to say No.

In this talk we will walk through different types of audits and pull back the curtain on what auditors say and do. With a little more confidence in how the process works, we will then discuss what audit findings actually mean and the auditors’ expectations of you after the audit. Finally, with your confidence building, we will explore how you can tell your auditors No without activating the Grim Trigger, making future audits more bearable.

Presenters:

• Jeff Kirsch / ghostnomad   as Jeff “ghostnomad” Kirsch
  After 14 years as an auditor, I “saw the light” and 2 years ago switched to the field of information security. Being a father of four young children helps me keep things simple, while being married to a School Neuropsychologist helps me understand the way people think and learn. Mixing that all together, I am able to bring a different perspective by associating real life events to the challenges in information security. I also enjoy simplifying the complexities of Technology through the simplicity of Haiku.

Similar Presentations:

• BSidesSF 2015 / Getting started...help me help you
• DEF CON 24 (2016) / So You Think You Want To Be a Penetration Tester
• BSidesLV 2014 / Hackers vs Auditors