Testing all the things - We can't catch 'em all and who's accountable anyway?

Presented at Diana Initiative 2020 Virtual, Aug. 22, 2020, 10 a.m. (60 minutes).

Suppliers, systems, sites, apps, devices, vulnerabilities and all the brewing bright ideas. What's riskiest? What do we tackle first? How much can we reasonably do? What about tyres we can't kick? No-one can test (or fix) all the things, but we're told to try, even when we get the call just before it goes live. But there's no Tardis, money tree, or vending machine stocked with specialists and no-one can be accountable for something they can't influence, or don't understand. I'll be sharing lessons learned about those pinch points and showing simple risk-based ways to share the burden across the whole organisation. Delegating work to prune the pipeline. Embedding accountability. Recognising where the organisation might not be mature enough to change. Moving things left - back to the bright ideas factories - so there's time and space to tackle the tyres we really have to kick, or call out the fact there just aren't enough hours in the day.

Presenters:

  • Sarah Clarke - Speaker
    Sarah started out in IT and network security, but has spent the last decade tackling challenges linked to doing security and data protection governance at scale. She moved away from the tech coalface after seeing colleagues burnt out, often because they didn't have data and sponsorship to describe challenges and drive change. She speaks and writes about related things, in between advising companies and practicing what she preaches.
