Presented at
VB2017,
Oct. 5, 2017, 2:30 p.m.
(30 minutes)
Through my time as CISO for a small bank - where security was non-existent when I first started there as a consultant - I discovered how regulatory and compliance requirements drive budgets in the financial industry. I also learned along the way that more was needed to give SMBs a real chance, and I learned that all the expensive toys you hear people talk about on *Twitter* or at conferences are often simply not possible on a SMB budget. So my team and I focused on the basics and getting good at them, and over a period of 3+ years we built a defensive posture that I am proud of. I have built a framework around this defensive posture called "Minimum Viable Security" - controls, mitigations and procedures that anyone can realistically put in place with even a small team. This framework represents the level of defence you can expect any SMB to be able to put up, but still falls horribly short of what you would want a real defensible infrastructure be able to put up. I will discuss why SMBs can probably never be expected to go much above this and the reality in which SMBs live.
Presenters:
-
Claus Cramon Houmann
- Peerlyst
Claus Cramon Houmann Claus is a former bank CIO and CISO, who is now working as a community manager for Peerlyst Inc., a website dedicated to building a repository of knowledge for all information security professionals to help defenders everywhere do their jobs better, faster. Claus is a volunteer for I am the Cavalry and spends most of his time trying to make connected things and companies safer and more secure. @Claushoumann
Links: