My key takeaways
- compliance documents are not written by technical people
- compliance is not about security
- people tend to meet the minimum, not more
- GDPR is an accountability framework, not a compliance framework
- "Security is a cost center": a management statement that invites trouble
- the goal of a VC backed vendor is the best possible IPO, not to build the best product possible
- examples where greed won over security at first:
  - kids in coal mines
  - airbags
  - seat belts
- ways to make yourself more approachable as a security person:
  - brown bags
  - newsletters
  - get out and be the touchstone
- the universal answer is education
- user awareness training is a must
- don't blame the victims; stand by the security people in these companies
- the best pentesters in the world are auditors tired of repeating themselves
Env
- Provided by BHIS
- Presenter: John Strand