Starting a Security Program - Thrills and Spills

Explore the journey of building a security program from the ground up in this conference talk from BSidesSF 2018. Delve into the critical role of emotional intelligence in developing a successful security initiative, beyond just technical skills and policy knowledge. Learn how to engage engineering teams in implementing security measures, convince product teams to prioritize strong authentication, and foster a company-wide culture of shared responsibility. Discover strategies for conducting effective incident response exercises, addressing penetration test findings, and encouraging employee reporting without fear of blame. Follow the speaker's experience as the first security engineer at Lyra Health, detailing how they achieved HITRUST compliance within a year and satisfied stringent customer requirements. Gain insights on developing emotional awareness of each team's purpose and processes, leading to early security involvement in projects and creative problem-solving. Understand the importance of framing security as an enabler for company success, and explore communication tactics and skills essential for remote work environments.

Introduction
What skills do you need
What skills did you learn
Background
What does Lira Health do
Starting from the bottom
Starting in 2015
Why did you take this role
What was your background
Purpose
Call to Action
High Trust Certification
Responsibility
Emotional Journey
Thinking Trap
Communication Skills
Framing Discussions
Communication Tactics
Presence
Remote working