Ep075: Beyond Compliance: Crafting Effective Security Culture with leaders from Clumio, Mongo DB, Symphony and AWS

From hard-coded credentials to boardroom buy-in, join four tech security leaders from Clumio, Mongo DB, Symphony and AWS, as they unpack how building the right security culture can be your organization's strongest defense against cyber threats.Topics Include:Security culture is crucial for managing organizational cyber riskGood culture enables quick decision-making without constant expert consultationMany security incidents occur from well-meaning people getting dupedPanel includes leaders from AWS, Symphony, MongoDB, and ClumioMeasuring security culture requires both quantitative and qualitative metricsBoard-level engagement indicates organizational security culture maturitySelf-reporting of security incidents shows positive cultural developmentSecurity committees' participation helps measure cultural engagementHard-coded credentials remain persistent problem across organizationsInternal audits and risk committees strengthen security governancePublic security incidents change board conversations about prioritiesLeadership vulnerability and transparency help build trustBeing pragmatic beats emotional responses in security leadershipSecurity programs should align with business revenue goalsCustomer security requirements drive program improvementsExcessive security questionnaires drain resources from actual securitySecurity culture started as exclusionary, evolved toward collaborationFinancial institutions often create unnecessary compliance burdenEarly security involvement in product development prevents delaysSecurity teams must match development team speedTrust between security and development teams enables efficiencySmall security teams can support large enterprise requirementsVendor partnerships help scale security capabilitiesProcess changes work better than adding security toolsSecurity leaders need deep business knowledgeTechnical depth and breadth remain essential skillsEvangelism capability critical for security leadership successInfluencing without authority key for security effectivenessCrisis moments create opportunities for security improvementSocializing between security and development teams builds trustDEF CON attendance helps developers understand security perspectiveBug bounty programs provide continuous security feedbackRegular informal meetings between teams improve collaborationBuilding personal relationships improves security outcomesModern security leadership requires balance of IQ and EQParticipants:Jacob Berry – Head of Information Security, ClumioGeorge Gerchow – Interim CISO, Head of Trust, Mongo DBBrad Levy – Chief Executive Officer, SymphonyBrendan Staveley – Global Sales Leader, Security Services, Amazon Web ServicesSee how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/

There are no comments yet.

Please log in to write the first comment.