Nick Leghorn, Director of Application Security, The New York Times
Nick’s Session 1: Writing Policies That Aren’t Miserable for Everyone Involved
Every organization has policies, and for good reason. Consistent decision making, standardized approaches, and clearly defined roles and responsibilities makes sure that everyone understands how to interact with different teams to get things done. Policies are good but almost everything about the way we commonly do them is an awful experience, from the team that has to draft this monstrosity of legalese, to the long and drawn out approval process where arguments about commas last long into the night, to the poor engineers who need to bring it to an oracle to decipher it so they can do their jobs.
Rather than sticking with the status quo, Indeed is trying a new approach to policy documentation that aims to reduce all of these pain points and make policies a legitimately useful document for everyone in the business, from upper management to legal and even engineering teams, all while maintaining compliance with applicable laws and regulatory frameworks.
Nick Leghorn runs the Security Governance, Risk Management, and Compliance team within Indeed. In this talk he will go over the high flying inspiration for their approach to policy documentation, walk through how to craft a BYOD policy in five minutes flat, and talk about some success stories where their document format helped increase productivity and reduce demand on the compliance team.
Nick’s Session 2: Building a Security Team that Never Says “No”
Hear Nick and 30+ Cyber Leaders May 10-11, 2022 Online or In-Person
Nick Leghorn is the Director of Application Security at the New York Times. After graduating from Penn State University with a degree in Security and Risk Analysis, his first job was working for the U.S. Department of Homeland Security quantifying terrorism risks and identifying mitigations to provide the best risk reduction for each dollar spent.
Nick has spent his career working for a number of large companies, including Rackspace Hosting, Shoretel, Mitel, and Indeed, improving the security of both the infrastructure itself as well as the processes within the company.
Check out more on Disaster.Stream Podcast!