IYKYK: Negotiating the Scope of Security Audits (Even if You DREAD Compliance)
06-13, 09:50–10:30 (US/Pacific), Salon C

Death, taxes, and cybersecurity audits are inevitable for most of us. Chances are, you will have to participate in an external cybersecurity audit at some point. Luckily, learning to control your audit scope is a game-changing skill for everyone in cyber (perhaps especially folks who dread compliance and those who struggle to scale compliance to the cloud). Negotiating scope will protect you from seemingly outdated audit requirements or evidence requests that feel pointless!

This interactive session is formatted as a mock negotiation between two industry experts, a frazzled cybersecurity pro and a seasoned SOC 2 auditor, who negotiate the scope of controls for a fake cloud-native company. Collectively, the speakers have over two decades of experience in their respective roles, so you can watch them redline notes on a control list and hear them explain their positioning. Will the cloud cyber pro prevail against the big-firm CPA who's auditing her security? Can she avoid burnout and death by evidence requests?

Attend this session to learn critical skills in security audit scope negotiation for cloud-native environments!

Jasmine is an inadvertent career specialist in security data, data security, and privacy for cloud-native startups. She is the current Senior Director of Data Security and Privacy at JupiterOne and a former Security Director at other high-tech startups. As a permanent student, Jasmine is finishing her PhD in Computer & Information Science with a focus on Information Quality at the University of Arkansas, Little Rock. She loves Furiosa, WNBA, and her black rescue cat Nandor.

