Recently I presented a talk at [1]BSides Detroit 2014. It was a
  fantastic experience. [2]The organizers were excellent. The audience
  was great. I loved standing up on stage in front of people for the
  first time in almost two years. The feedback was constructive and
  wonderful. I look forward to continuing the conversation and presenting
  this talk at other events.

  What's the talk about? It's about how Security is a different entity
  inside of any business, assuming Security's role persists in-house and
  not out-sourced. Security Professionals cross all the silos that a
  traditional IT organization creates and isolates themselves with (DBAs,
  AppDev, Linux SysAdmins, Windows SysAdmins, Network, etc.). Security
  Professionals see and interact with parts of the business that IT
  typically doesn't (HR, Legal, Finance, R&D, etc.). This provides
  Security with a unique perspective.

  Security must leverage their unique position to make a positive and
  memorable impact with IT and the business. Spreading Fear, Uncertainty
  & Doubt (FUD) isn't the way. Conveying the message that the sky is
  falling isn't the way. Constantly saying "no" isn't the way.

  What is the way? Talk with IT & the Business. But don't talk with them
  about what you want, which is Security. Talk with them about what they
  want. Ask them about their fears and concerns and problems and what
  they wish they could do but don't know how to do.

  I wanted to come up with an approach that wouldn't need approval or
  bureaucracy or some management intervention. I wanted something anyone
  could do at zero cost at any time with little to no gear needed.

  And thus: Interview them. See the slide deck for how to go about this.

  If you can solve a problem of IT &| the Business, one that leverages
  Security's unique view inside of the organization, then they will want
  to engage with Security in the future. If done properly they will seek
  you out, accept when you engage, and consider you a trusted advisor.

  It also has the benefit of action. That is much preferred versus
  waiting for someone to realize that security is important.

  Several people have asked where to get my slide deck for the talk. You
  can get it from Dropbox here.
    __________________________________________________________________

  My original entry is here: [3]Engagement Zen: Transforming IT & the
  Business through Security for Fun + Profit. It posted Mon, 28 Jul 2014
  00:55:51 +0000.
  Filed under: professional, technology, BSides, detroit, Engagement Zen,
  InfoSec, presentation, Talk,

References

  1. http://www.securitybsides.com/w/page/77418080/BSidesDetroit14
  2. http://convergeconference.org/main/
  3. https://www.prjorgensen.com/2014/07/27/engagement-zen-transforming-it-the-business-through-security-for-fun-profit/

You are viewing proxied material from sdf.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.