Governance, Regulation & Compliance
Education Level: Advanced
5317 - Managing Enterprise Security on a Startup Budget: A CISO Shares Tools and Experiences
Tuesday, September 26
3:00 PM - 4:00 PM
As CISO for a startup, budget constraints require creativity when choosing tools. Open source hacking tools exist, but what about business tools for processes or GRC? Fortunately, there are many available, providing sophisticated capabilities at a fraction of the cost large organizations pay. Unfortunately, finding them requires work. The presenter spent extensive time as an entrepreneurial CISO researching these solutions. This session shares his discoveries, cataloguing free or inexpensive tools for managing security program strategy. He describes these resources, how they've been adopted, and where attendees can find such tools for themselves, whether for a startup or a larger enterprise.
This session is practical and agnostic. The goal is to provide a business-level security toolkit that complements technical tools to improve overall security program capabilities.
- Describe the resource constraints facing every security program owner, through the extreme example of a startup with limited resources for security technologies, and how free and inexpensive tools can bridge the gap.
- List a collection of freely available, community-based tools (some open source) that are available for security program capabilities, including business process management, defining business cases, running projects, managing risk, and implementing governance, regulation and compliance (GRC). Compare these to available open source security and hacking tools.
- Conduct better security program operations without major budget expenditures, by leveraging inexpensive open source and community-based tools. Understand the benefits and limitations of the tools described.