Buying Security: A Client's Guide

Presented at BSidesSF 2022 Rescheduled, June 4, 2022, 2:30 p.m. (50 minutes)

You can’t buy security, but vendors play a key role in effective security programs. This talk will provide a comprehensive guide to buying and getting value, based on experiences on both sides of the marketplace, a comprehensive literature review, and a survey of clients and vendors of all stripes.

Presenters:

• Rami McCarthy - Cedar
  Rami McCarthy is a Staff Security Engineer and reformed Security Consultant. He currently works at Cedar, helping scale up security for a health-tech unicorn. Before that, he spent three years performing security assessments of all kinds at NCC Group. Rami is the creator of sadcloud - a tool for terraform-ing purposefully insecure AWS infrastructure, and is a contributor to ScoutSuite - an open-source multi-cloud auditing tool. He holds the AWS Certified Security - Specialty and CCSKv4 certifications. Rami has a BS from Northeastern University, with a concentration in cyber operations and is currently wrapping up an MS from Brandeis University in Information Security Leadership.

Links:

• https://bsidessf2022.sched.com/event/rjpG/buying-security-a-clients-guide

Similar Presentations:

• GrrCON 2015 / The Hitch Hikers Guide to Information Security