QCon San Francisco 2021 November 1-5, 2021 | | Security Culture: Why You Need One and How to Create It

This presentation is now available to view on InfoQ.com

Abstract

Strong cultures permeate people’s mentality and the way that they behave, their receptiveness to new ideas and thoughts, and their motivation to do security tasks. Organizations with a positive security culture have immense capability to build resilient products and reduce security debt.

Every organization has a security culture, either good or bad, even if a security team or company has never invested in it. It is the underlying driver of why people choose to do what they do around security. This is exactly why security teams and their organizations need to take ownership and proactively shape the culture into a direction that supports the security well-being of the organization.

This talk will go into understanding how to measure your organization's current security culture and how to define where you want to go. From there we will look into techniques and cases studies of how to begin to shape your organization’s security culture to become more resilient and enable people-powered security.

Speaker: Masha Sedova

Co-Founder @hello_Elevate

Masha Sedova is an industry-recognized people-security expert, speaker and trainer focused on engaging people to be key elements of secure organizations. She is the co-founder of Elevate Security delivering the first people-centric security platform that leverages behavioral-science to transform employees into security superhumans. Before Elevate, Masha Sedova was a security executive at Salesforce where she built and led the security engagement team focused on improving the security mindset of employees, partners and customers. In addition, Masha has been a member of the Board of Directors for the National Cyber Security Alliance and regular presenter at conferences such as Blackhat, RSA, ISSA, Enigma and SANS.