If I Knew Then What I Know Now: Building an InfoSec Program from Scratch

Presented at BSides Austin 2016, March 31, 2016, 2:30 p.m. (60 minutes)

Congratulations! You've been working hard for years and your employer has finally seen your potential. You've now been promoted to being the only person responsible for starting and managing an Information Security Program for a $1B+/yr company. With nobody there to help you and a minuscule budget, where do you start? How do you determine where the issues lie and prioritize how to fix them? At what point do you grow your team and how do you justify it? This vendor-agnostic talk will cover what you need to know in order to build an efficient, cost-effective, and relevant security program for your company.


Presenters:

  • Josh Sokol
    Josh Sokol, CISSP, graduated from the University of Texas at Austin with a BS in Computer Science in 2002. Since that time, he has worked for several large companies, including AMD and BearingPoint, spent some time as a military contractor, and is currently employed as the Information Security Program Owner at National Instruments. In his current role, Sokol manages all compliance, security architecture, risk management, and vulnerability management activities for NI. Sokol created the free and open source risk management tool named SimpleRisk, has spoken on dozens of security topics including the much-hyped "HTTPS Can Byte Me" talk at Black Hat 2010, and currently serves on the OWASP Global Board of Directors.
