IYKYK: Negotiating the Scope of Security Audits (Even if You DREAD Compliance)
Death, taxes, and cybersecurity audits are inevitable for most of us. Chances are, you will have to participate in an external cybersecurity audit at some point. Luckily, learning to control your audit scope is a game changing skill for everyone in cyber (perhaps especially folks who dread compliance and those who struggle to scale compliance to cloud). Negotiating scope will protect you from seemingly outdated audit requirements or evidence requests that feel pointless!
This interactive session is formatted as an interactive, mock negotiation between two industry experts - a frazzled cybersecurity pro and a seasoned SOC 2 auditor - who negotiate the scope of controls for a fake cloud-native company. Collectively, the speakers have over two decades of experience in their respective roles, so you can watch them redline notes on a control list and hear them explain their positioning. Will the cloud cyber pro prevail against the big firm audit firm CPA that's auditing her security? Can she avoid burnout and death by evidence requests?
Attend this session to learn critical skills in security audit scope negotiation for cloud-native environments!
