Negotiating Compromise: How to avoid being labeled a "Chicken Little" while promoting better security decision making

Presented at BSidesLV 2023, Aug. 8, 2023, 5 p.m. (45 minutes).

Even though businesses know that cybersecurity is important (most of the time), cybersecurity professionals still have a challenge convincing business leaders -and sometimes even IT- of good cyber hygiene practices. FUD (fear, uncertainty, and doubt) can be an easy temporary actic to get teams to take you seriously, but it must be tempered. This presentation discusses common (and sometimes under utilized) negotiation techniques to help cyber professionals escape from being the physical manifestation of the doomscroll and facilitate better security decisions enterprise wide.

Presenters:

  • Vanessa Redman
    Vanessa Redman works in the financial services industry as a Vice President of Information Assurance in Las Vegas, Nevada. She has proudly been playing with computers since getting a used Commodore VIC-20 in the late 1980s and loves learning about new things. Prior to her current position where she runs a team that conducts threat intel, control testing, and threat hunting, Vanessa has worked as a Cyber Scenario Developer and Strategy Consultant, Red Team Tech Lead, and has taught lessons on a variety of cybersecurity topics, including vulnerability management, adversary tactics, and threat intelligence. She loves playing the devil's advocate and is always looking for assumptions to disprove. She is currently studying Algorithmic and Behavioral Game Theory for use in Cyber Strategy (both offensive and defensive) and has presented her findings so far at conferences such as BSidesLV, The Diana Initiative, Women's Society of Cyberjutsu (WSC), and Women in Cybersecurity (WiCyS). You can also find her in the recently published book 97 Things Every Information Security Professional Should Know, published by O'Reilly Media in September 2021. You can follow her on Twitter at @RedmanCyber.

Links: