Building a security program (staffing, processes, vendors, metrics) is a tough challenge many of us unfortunately inherit. By using my personal experience transforming and growing a security program at a healthcare provider as a case study, I will share my lessons learned on where my team was successful and where we took missteps that strained relationships or caused delays. This is the story of a 9-month journey of joint client and consulting effort.
At the end of that journey, we had successfully tripled the size of the employees on the security team, implemented an outsourced security monitoring provider, re-evaluated all the security products currently in use, and handed over a strong program to the newly hired CISO. Along the way, we inadvertently made an enemy or two, we changed staffing based on performance, and we didn’t hit 100% of our milestones. Ultimately though, I left behind a client executive team who was thrilled with the program we delivered.
If you hope to build a first-rate security program someday, this presentation will give you actionable tips on how to navigate the expectations of executives, of the existing team, and of the new team members who join your organization.
Partner Christie Terrill will present at the O'Reilly Security Conference - Build Me a World Class Security Program in Three Months on October 31, 2017.