Evolving Your Office's Security Culture by Selective Breeding of Ideas and Practices

Presented at NolaCon 2016, May 21, 2016, 3 p.m. (Unknown duration)

Every work place has its own security culture defined by the values, traditions, beliefs, interactions, behaviors, and attitudes of the group. Many companies have appropriately stated security policies and standards that are not reflected in practice due to the security culture of the office, or it is difficult to change the policies and standards due to the security culture. In this talk I discuss how to stimulate change in an organization. I will go through multiple real life situations and discuss my successes and failures to stimulate change. Some of the real life situations include getting the business to change requirements that are not secure, improving the level of security awareness in IT staff / programmers / code, changing security policies that hurt overall security, and more. I have statistical data on the efficacy of some of the methods discussed, and go through a post mortem on the failures to help others avoid the same mistakes.

Presenters:

• Nancy Snoke
  Nancy and Phoenix Snoke have given joint talks at NOLACON, BSides and SkyDogCon. Phoenix would like to remain a mystery, and Nancy specializes on web and mobile application security. Her work experience includes senior software engineer responsible for web application security at PGAC, and a penetration tester for Cisco Systems. Nancy has previously spoken (solo) at Derbycon and NOLACON. She got her undergraduate degree in Computer Engineering in New Orleans at Tulane University, and her Masters in Computer Science at University of Illinois Urbana-Champaign.

Links:

• https://nolacon.com/talk/evolving-offices-security-culture-selective-breeding-ideas-practices

Similar Presentations:

• DerbyCon 6.0 Recharge (2016) / Evolving your Office’s Security Culture
• BSidesSF 2019 / Concrete Steps to Create a Security Culture
• BSidesLV 2019 / The Importance of Culture in Security