fwd:cloudsec 2023

Jasmine Henry

Jasmine is an inadvertent career specialist in security data, data security, and privacy for cloud-native startups. She is the current Senior Director of Data Security and Privacy at JupiterOne and a former Security Director at other high-tech startups. As a permanent student, Jasmine is finishing her PhD in Computer & Information Science with a focus on Information Quality at the University of Arkansas, Little Rock. She loves Furiosa, WNBA, and her black rescue cat Nandor.


Sessions

06-12
17:00
45min
What Could Go Wrong? DEI-informed Perspectives on Threat Modeling in the Age of Terrifying Feature Requests
Jasmine Henry, Renee Beckloff

“Can you do a security review of our new AI feature by tomorrow?”

Security practitioners face a hard truth. We don’t know what could go wrong with the new AI chatbot or machine learning model. But how do you set guardrails for security, safety, or privacy solo in a world where there are few reliable safety guidelines for next quarter’s product roadmap? To achieve safer and more secure outcomes, cloud security practitioners should consider it imperative to adapt to more diversity, equity, and inclusion-informed (DEI) approaches to building threat models.

Easier said than done, right?

While it’s never easy to navigate new collaborative models, cloud security practitioners all have an opportunity to create more diverse, equitable, and inclusive conversations about risk and threats at every stage of the feature lifecycle. This is a practitioner talk given through an intersectional and DEI-focused lens with a particular focus on facilitating greater inclusion and collaboration at every stage of the feature lifecycle. Attendees will learn how to foster greater self-service decisions among product managers, facilitate inclusive premortem meetings, drive a culture of ‘fearless risk documentation,’ and launch a risk amnesty program for anonymous reporting.

Birds-of-a-feather, business & behind-the-scenes "balk talks"
Salon C
06-13
09:50
40min
IYKYK: Negotiating the Scope of Security Audits (Even if You DREAD Compliance)
Jasmine Henry, George Tang

Death, taxes, and cybersecurity audits are inevitable for most of us. Chances are, you will have to participate in an external cybersecurity audit at some point. Luckily, learning to control your audit scope is a game-changing skill for everyone in cyber (perhaps especially folks who dread compliance and those who struggle to scale compliance to cloud). Negotiating scope will protect you from seemingly outdated audit requirements or evidence requests that feel pointless!

This interactive session is formatted as a mock negotiation between two industry experts - a frazzled cybersecurity pro and a seasoned SOC 2 auditor - who negotiate the scope of controls for a fake cloud-native company. Collectively, the speakers have over two decades of experience in their respective roles, so you can watch them redline notes on a control list and hear them explain their positioning. Will the cloud cyber pro prevail against the big audit firm CPA that's auditing her security? Can she avoid burnout and death by evidence requests?

Attend this session to learn critical skills in security audit scope negotiation for cloud-native environments!

Control & data
Salon C