Chris Honda
Sr. Security Analyst @ Whistic | Principal Spreader of Smiles | Teriyaki Chicken Connoisseur
Lehi, Utah, United States
Professional Goober-in-Training | Head Janitor and Cook for the Honda Household | Sometimes does Security for Whistic | Bad at Making Jokes and Writing Bios
Topics
Walking the Tightrope: Balanced AI Risk Management
It's hard to believe that it's been almost 2 years since ChatGPT was unleashed on the world and the subsequent wave of AI applications. It seems like almost every company has a strong opinion on AI - for better or worse though, it's here to stay.
Operating under this assumption, what can we do to safely navigate the current environment where everything seems to be AI-driven? Come and discuss your thoughts, opinions, and experiences while we consider AI governance, resources to assess AI risk, and related compliance concerns and observations.
Having Optimism in the Age of AI
This is not a session on the virtues or pitfalls of AI; those angles have been covered extensively elsewhere. Nor is this the place to speculate on the details of how AI will continue to evolve.
This session is about you - the InfoSec/GRC practitioner. Like our friends in other job functions, we have felt excitement, apprehension, and curiosity for the future of our industry and our contributions towards that future. Just as it is in every other part of life, we can choose to look forward with a 'doom-and-gloom' career outlook. I want to share an optimistic perspective where our opportunities to support, uplift, and contribute are more bountiful than ever. In a world where we can choose between fear and hope, I will speak on the side of hope every day.
Small and Mighty: Making Security Happen in a Small Security Team
A well-staffed, well-funded team is the dream of every security practitioner, though it is often not the case. Competing business needs mean that security teams have to wear multiple hats, take on extra projects, and turn down good initiatives to focus on necessities.
Despite some of the difficulties that come with small teams, this is a great position to be in. With limited resources and a solid plan, you can make opportunities to develop relationships and get security done effectively.
In this session, we will:
1. Identify strategies for building strong relationships throughout your organization that will support your security program,
2. Learn how to approach risk management in a balanced manner that encourages cooperation instead of fear, and
3. Discuss strategies to find scalable solutions to problems that won't break the bank.
Making Security Happen Without Being A Jerk
How many times have you heard security referred to as the naysayers of your organization? The typical security team historically accomplished their goals by saying 'No' to anything beyond the bare minimum required for people to do their jobs. Consequently, we can be seen as a simple cost center that provides just enough value to justify our presence.
This is no longer the case. The rise of cybercrime has necessitated an increased investment in security to manage risk and enable efficient processes. While the security team's reputation has improved, we still have a way to go. By working to close this reputational gap, we can establish security as a critical partner and effective multiplier in the pursuit of accomplishing your organization's mission.
GRC and You: Putting your Career on a Rocket Ship
Many a security practitioner has told me that they see GRC as "the boring, audit stuff". It is true that GRC includes audits and related activities. It also provides those who are willing to learn an abundance of experiences, viewpoints, and skills, similar to how security and software engineering go deeper than typing code to magically make things work.
A healthy dose of GRC experience provides insight into the "why's" and "how's" of critical business operations. This insight enables us to be more effective partners across our organization, deliver more value to other teams, and strategically navigate the ever-changing landscape of threats and regulatory requirements.
Vendor Risk Management 101: Foundations of an Effective VRM Program
What is vendor risk management (VRM), and why should you care about it? An overly simplified definition is the discovery of risks associated with your service providers and determining how (or whether) to proceed with that relationship. Managing vendor risk is an imperative in our day, with an ever-growing reliance on outsourced services in conjunction with a rise in data breaches that occur due to third parties.
Let's explore what both sides of the VRM coin look like, some common concerns from both parties, and how you can make your job easier by nurturing the relationship between your organizations.
Simply Cyber Con '24 Sessionize Event
SAINTCON 2024 Sessionize Event
Bsides Seattle 2024 Sessionize Event
SAINTCON 2023 Sessionize Event
Bsides Seattle 2023 Sessionize Event
BSides SLC 2023 Sessionize Event
SAINTCON 2022 Sessionize Event