
Chris Honda
Manager; Security, Risk, & Compliance @ Plotly
Lehi, Utah, United States
Professional Goober | Head Janitor and Cook for the Honda Household | Sometimes does Security + GRC @ Whistic | Bad at Making Jokes and Writing Bios
Join the Team, We've Got Cookies - Landing A GRC Role
Looking to land a position in Governance, Risk, & Compliance (GRC)? Welcome to the team my friend, we're glad to have you! There are abundant opportunities in this corner of the security world, and there's plenty of work to do.
Whether you're trying to break into the broader InfoSec industry, making a career change, or making a lateral move from Security to a specialized GRC gig, you may find that other guidance (like landing a few CVEs, winning CTFs, or lighting up the green lights on your GitHub heat map) isn't quite getting you the results you are hoping for.
Come hang out for a bit while we talk about landing a GRC role. Whether you're fresh from school, moving from a different industry, or want to pivot from a different security specialty, there's room in the GRC family for you!
Security != Compliance...But It Should
I know, I know, this is a tired debate. I'm not looking to argue either, but rather to set the record straight. Instead of saying one is more important than the other, I believe our industry would be better off by focusing on how Security and Compliance complement each other. Come share your ideas of how our teams can work together better regardless of which side you're on, because in the end we're all on the same side.
Walking the Tightrope: Balanced AI Risk Management
It's hard to believe that it's been almost 2 years since ChatGPT was unleashed on the world and the subsequent wave of AI applications. It seems like almost every company has a strong opinion on AI - for better or worse though, it's here to stay.
Operating under this assumption, what can we do to safely navigate the current environment where everything seems to be AI-driven? Come and discuss your thoughts, opinions, and experiences while we consider AI governance, resources to assess AI risk, and related compliance concerns and observations.
Having Optimism in the Age of AI
This is not a session on the virtues or pitfalls of AI; those angles have been covered extensively elsewhere. Nor is this the place to speculate on the details of how AI will continue to evolve.
This session is about you - the InfoSec/GRC practitioner. Like our friends in other job functions, we have felt excitement, apprehension, and curiosity for the future of our industry and our contributions towards that future. Just as it is in every other part of life, we can choose to look forward with a 'doom-and-gloom' career outlook. I want to share an optimistic perspective where our opportunities to support, uplift, and contribute are more bountiful than ever. In a world where we can choose between fear and hope, I will speak on the side of hope every day.
Small and Mighty: Making Security Happen in a Small Security Team
A well-staffed, well-funded team is the dream of every security practitioner, though it is often not the case. Competing business needs mean that security teams have to wear multiple hats, take on extra projects, and turn down good initiatives to focus on necessities.
Despite some of the difficulties that come with small teams, this is a great position to be in. With limited resources and a solid plan, you can make opportunities to develop relationships and get security done effectively.
In this session, we will:
1. Identify strategies for building strong relationships throughout your organization that will support your security program,
2. Learn how to approach risk management in a balanced manner that encourages cooperation instead of fear, and
3. Discuss strategies to find scalable solutions to problems that won't break the bank.
Making Security Happen Without Being A Jerk
How many times have you heard security referred to as the naysayers of your organization? The typical security team historically accomplished their goals by saying 'No' to anything beyond the bare minimum required for people to do their jobs. Consequently, we can be seen as a simple cost center that provides just enough value to justify our presence.
This is no longer the case. The rise of cybercrime has necessitated an increased investment in security to manage risk and enable efficient processes. While the security team's reputation has improved, we still have a way to go. By working to close this reputational gap, we can establish security as a critical partner and effective multiplier in the pursuit of accomplishing your organization's mission.
GRC and You: Putting your Career on a Rocket Ship
Many a security practitioner has told me that they see GRC as "the boring, audit stuff". It is true that GRC includes audits and related activities. It also provides those who are willing to learn an abundance of experiences, viewpoints, and skills, similar to how security and software engineering go deeper than typing code to magically make things work.
A healthy dose of GRC experience provides insight into the "why's" and "how's" of critical business operations. This insight enables us to be more effective partners across our organization, deliver more value to other teams, and strategically navigate the ever-changing landscape of threats and regulatory requirements.
Vendor Risk Management 101: Foundations of an Effective VRM Program
What is vendor risk management (VRM), and why should you care about it? An overly simplified definition is the discovery of risks associated with your service providers and determining how (or whether) to proceed with that relationship. Managing vendor risk is an imperative in our day, with an ever-growing reliance on outsourced services strengthening in conjunction with a rise in data breaches that occur due to third parties.
Let's explore what both sides of the VRM coin look like, some common concerns from both parties, and how you can make your job easier by nurturing the relationship between your organizations.
Simply Cyber Con '24 Sessionize Event
SAINTCON 2024 Sessionize Event
Bsides Seattle 2024 Sessionize Event
SAINTCON 2023 Sessionize Event
Bsides Seattle 2023 Sessionize Event
BSides SLC 2023 Sessionize Event
SAINTCON 2022 Sessionize Event
