Escape the Questionnaire Quagmire: A thoughtful approach to addressing security inquiries from customers and prospects

Presented at BSidesLV 2019, Aug. 7, 2019, 2 p.m. (25 minutes)

Effective third-party security risk management requires collecting a significant amount of information from vendors. That information-gathering process often starts with the customer sending the vendor a lengthy infosec questionnaire.

Katie's team was on the receiving end of those questionnaires, and the significant time and effort required to complete them interfered with progress on imperative security projects. To address this problem, the team created documentation and a new process that lessened their workload, reduced sales cycle friction, and gave customers increased visibility into Rapid7's security program. Katie will share her approach, the lessons she learned along the way, and the metrics she used to measure success, ensuring you leave this session ready to apply these strategies at your organization.


Presenters:

  • Katie Ledoux
    Katie Ledoux is the Manager of Trust and Security Governance at Rapid7 in Boston, Massachusetts. Her team is responsible for security risk management, security compliance, security awareness training, security policy development and exception management, business continuity plan and IR plan development and testing, and access recertification. She has also contributed to projects in data privacy and responsible vulnerability disclosure. You can find her on Twitter @kledoux.