Maturing Information Security When Compliance Doesn't Cut It

Explore a comprehensive conference talk on maturing information security beyond compliance standards. Delve into Joey Smith's personal experiences and professional insights as he discusses the evolving attack surface, business alignment challenges, and the limitations of traditional compliance models. Learn about a strategic approach to security maturity, including timelines, social engineering tactics, access control, and identity management. Discover practical strategies for policy enforcement, on-net vs. off-net security considerations, and the implementation of an Information Security Operations Center. Gain valuable knowledge on enhancing security awareness and the importance of recognizing and rewarding security-conscious behavior within organizations.

Intro
Nightclub
What it is like to be in the middle
Joeys background
Joeys wife Ashley
Audrey
Logan
Attack Surface
Growing Attack Service
Business Alignment
Compliance
Compliance Model
Compliance doesnt cut it
Joeys approach
Maturity
Timeline
Social Engineering
Access Control Identity Management
What do I do in Year 3
Policy enforcement in people
Onnet vs Offnet
Information Security Operations Center
Security Awareness
Catch of the Quarter