Christopher Honda
Sr. Security Analyst @ Whistic | Principal Spreader of Smiles | Teriyaki Chicken Connoisseur
Lehi, Utah, United States
Actions
Professional Goober-in-Training | Head Janitor and Cook for the Honda Household | Sometimes does Security for Whistic | Bad at Making Jokes and Writing Bios
Links
Area of Expertise
Topics
Small and Mighty: Making Security Happen in a Small Security Team
A well-staffed, well-funded team is the dream of every security practitioner, though it is often not the case. Competing business needs means that security teams have to wear multiple hats, take on extra projects, and turn down good initiatives to focus on necessities.
Despite some of the difficulties that come with small teams, this is a great position to be in. With limited resources and a solid plan, you can make opportunities to develop relationships and get security done effectively.
In this session, we will:
1. Identify strategies for building strong relationships throughout your organization that will support your security program,
2. Learn how to approach risk management in a balanced manner that encourages cooperation instead of fear, and
3. Discuss strategies to find scalable solutions to problems that won't break the bank.
Making Security Happen Without Being A Jerk
How many times have you heard of security referred to as the naysayers of your organization? The typical security team historically accomplished their goals by saying 'No' to anything beyond the bare minimum required for people to do their jobs. Consequently, we can be seen as a simple cost center that provides just enough value to justify our presence.
This is no longer the case. The rise of cybercrime has necessitated an increased investment in security to manage risk and enable efficient processes. While the security team's reputation has improved, we still have a way to go. By working to close this reputational gap, we can establish security as a critical partner and effective multiplier in the pursuit of accomplishing your organization's mission.
GRC and You: Putting your Career on a Rocket Ship
Many a security practitioner has told me that they see GRC as "the boring, audit stuff". It is true that GRC includes audits and related activities. It also provides those that are willing to learn an abundance of experiences, viewpoints, and skills, similar to how security and software engineering goes deeper than typing code to magically make things work.
A healthy does of GRC experience provides insight into the "why's" and "how's" of critical business operations. This insight enables us to be more effective partners across our organization, deliver more value to other teams, and strategically navigate the ever-changing landscape of threats and regulatory requirements.
Vendor Risk Management 101: Foundations of an Effective VRM Program
What is vendor risk management (VRM), and why should you care about it? An overly-simplified definition is the discovery of risks associated with your service providers and determining how (or whether) to proceed with that relationship. Managing vendor risk is an imperative in our day, with an ever-growing reliance on outsourced services strengthening in conjunction with a rise in data breaches that occur due to third-parties.
Let's explore what both sides of the VRM coin look like, some common concerns from both parties, and how you can make your job easier by nurturing the relationship between your organizations."
SAINTCON 2024 Sessionize Event Upcoming
Bsides Seattle 2024 Sessionize Event
SAINTCON 2023 Sessionize Event
Bsides Seattle 2023 Sessionize Event
BSides SLC 2023 Sessionize Event
SAINTCON 2022 Sessionize Event
Christopher Honda
Sr. Security Analyst @ Whistic | Principal Spreader of Smiles | Teriyaki Chicken Connoisseur
Lehi, Utah, United States
Links
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top