Blue Team
As commonly implemented, the three lines of defense model often fails, and not because of external attackers. Instead, it fails because the doing/monitoring/auditing model creates an adversarial environment in which it becomes a lot easier to argue about who should be doing which work than to actually do the work. When the three lines fight, defense gets harder. However, when the three lines try to work together, the three lines get tangled. This talk introduces a natural cadence model that uses a different approach to achieve what the three-line model often cannot. By focusing on how people naturally work, and formalizing how each line interacts with the others, as well as the larger ecosystem around them, you can run a three-line model effectively, without the quibbling and political mess.
Josh More is the owner and president of Eyra Security, an information security and business improvement consulting firm that specializes in helping startups and organizations in transition take advantage of lean and agile methods, open source technology and varied frameworks used for security, risk management and compliance. He also serves on the IANS faculty and was formerly active on the GIAC Advisory Board, Infragard, DC612, and OWASP. Josh has written several books and too many articles to count, and is currently working on a book on revamping vendor management.
We proudly present SecretCon, an entirely unparalleled conference for the state of Minnesota, built for our new digital reality. This conference is dedicated to the many specialties of our hacker, cybersecurity, and privacy community. We have taken it upon ourselves to construct a conference that not only embraces our past, but also looks to the future. Join us!