Building a Security Team that Never Says “No”
One of the most prevalent perceptions of any security team is that they always say “no,” that they will be a blocker to progress and slow things down. This leads to teams circumventing the security process, a lack of support from leadership, and an inability to implement any good new security measures. It’s a story that we all have seen time and again throughout the industry.
As more companies are starting to understand, having a strong security culture doesn’t necessarily mean always being a blocker. Instead, implementing a security program with the mindset of never saying no to any request or new idea can enable the security team to implement security controls effectively and improve the company’s security posture at a rapid pace, in collaboration with the business instead of fighting against it, and to do it all even with a smaller security team.
Learn about the concepts and frameworks that companies like Indeed have established to enable this remarkable change, the mindset that is needed within the security team to make them successful, and how avoiding a single word can lead to dramatic changes in perception.
The alternative is:
Nick Leghorn is currently the Director of Application Security at the New York Times, and previously built the Security GRC team within Indeed from the ground up using these same principles. Nick has spent his career working for a number of large companies with complicated environments, including Rackspace Hosting, Shoretel, Mitel, and Indeed, improving the security of both the infrastructure itself and the processes within the company.
Nick Leghorn is the Director of Application Security at the New York Times. After graduating from Penn State University with a degree in Security and Risk Analysis, his first job was working for the U.S. Department of Homeland Security quantifying terrorism risks and identifying mitigations to provide the best risk reduction for each dollar spent.
Hear Nick and 30+ Cyber Leaders May 10-11, 2022 Online or In-Person
Nick’s other Session: Writing Cyber Policies that Aren’t Miserable for Everyone
Join US and Canada cyber community members at the inaugural Austin Cyber Show Conference at Concordia University Texas, May 10-11. During the two-day cyber defense conference, participants can engage in discussions with peer leaders and industry experts on the cyber risks and challenges that businesses, leaders, developers, educators, and students face each day. Attendees will walk away with new insight and leadership lessons learned to defend against ransomware, phishing, and data exfiltration attacks. Five Cyber-By-Fire Skill Certificates are available to earn at the event and via Zoom Events online for 30 days afterward.