Amélie Koran is a Senior Technology Advocate at Splunk, focused on helping organizations transform, grow and secure themselves in the ever-evolving world of technologies and their accompanying challenges. She arrives at Splunk after nearly 25 years as a technologist, from systems administration and engineering to executive technology leadership in various industries, academia, NGOs, and the government. In the last decade, she’s supported various Federal agencies, leading various projects and initiatives, including modernization activities, cybersecurity policy, and security architecture and operations. Often seen “soapboxing” about technology workforce development, training and recruiting policies, practices and techniques, she’s mostly observed providing measured guidance to InfoSec Twitter at @webjedi and her executive take on DevSecOps at AllTheOps.org.
Abstract: Out of the Limelight is Good : Am I Doing Cyber Right, A "Kingsman's Guide to Cybersecurity
A few years ago I spoke to the value of zero and how it applied to metrics and measurement and how to discuss value. Cybersecurity is a particular nut to crack, as it’s based on avoiding or minimizing the occurrence of a negative outcome, which runs antithetical to general business metrics of “more is better”. Add to the fray that security metrics, short of compliance measures, are far from standardized or universal across sectors and organizations. In this talk we’ll look at how to leverage minimization as a “return on investment” for organizations without using “risk avoidance” as a weasel word. With the advent of DevSecOps, how can you also still ensure that transitioning to a combined responsibility model will help make this easier.