Good Doesn't Always Win: Understanding technical and enterprise tradeoffs in Cybersecurity

Presented at BSidesLV 2023, Aug. 9, 2023, 6 p.m. (Unknown duration).

You have just started a new job, and, after settling in, find a huge cybersecurity gap. The great news is you have the perfect solution! The bad news is the company said no thanks. You are taken back and try to explain that this is simple cybersecurity basics, but the company has any number of reasons why they don't feel it's a good solution: money, time/effort of implementation, "we have never had a problem before", or maybe your own IT department is saying that it won't work. What do you do to make sure your company stays secure? Cybersecurity has arguably reached the point where most organizations understand its necessity, at least in concept. But that doesn't mean that everyone is open to hearing about the latest threats and all the work (and money) that needs to be spent reducing your risk. This talk is designed to be an open discussion on understanding human behavior, and some tools that could help a cyber professional be more successful, particularly when it comes to negotiating better decision making.

Presenters:

  • Vanessa Redman
    Vanessa Redman works in the financial services industry as a Vice President of Information Assurance in Las Vegas, Nevada. She has proudly been playing with computers since getting a used Commodore VIC-20 in the late 1980s and loves learning about new things. Prior to her current position where she runs a team that conducts threat intel, control testing, and threat hunting, Vanessa has worked as a Cyber Scenario Developer and Strategy Consultant, Red Team Tech Lead, and has taught lessons on a variety of cybersecurity topics, including vulnerability management, adversary tactics, and threat intelligence. She loves playing the devil's advocate and is always looking for assumptions to disprove. She is currently studying Algorithmic and Behavioral Game Theory for use in Cyber Strategy (both offensive and defensive) and has presented her findings so far at conferences such as BSidesLV, The Diana Initiative, Women's Society of Cyberjutsu (WSC), and Women in Cybersecurity (WiCyS). You can also find her in the recently published book 97 Things Every Information Security Professional Should Know, published by O'Reilly Media in September 2021. You can follow her on Twitter at @RedmanCyber.

Links:

Similar Presentations: