Building a Security Team that Never Says No

Building a Security Team that Never Says “No” One of the most prevalent perceptions of any security team is that they just always say “no,” that they will be a blocker to progress and slow things down. This leads to teams circumventing the security process, lack of support from leadership, and an inability to implement any good new security measures. It’s a story that we all have seen time and again throughout the industry. As more companies are starting to understand, having a strong security culture doesn’t necessarily mean having to always be a blocker. Instead, implementing a security program with the mindset of never saying no to any request or new idea can enable the security team to effectively implement security controls and improve the company’s security posture at a rapid pace in collaboration with the business instead of fighting against it. And doing it all even with a smaller security team. Learn about the concepts and frameworks that companies like Indeed have established to enable this remarkable change, the mindset that is needed within the security team to make them successful, and how avoiding a single word can lead to dramatic changes in perception. The alternative is: Nick Leghorn is currently the Director of Application Security at the New York Times, and previously built the Security GRC team within Indeed from the ground up using these same principles. Nick has spent his career working for a number of large companies with complicated environments including Rackspace Hosting, Shoretel, Mitel, and Indeed improving the security of both the infrastructure itself as well as the processes within the company. About Nick Nick Leghorn is the Director of Application Security at the New York Times. After graduating from Penn State University with a degree in Security and Risk Analysis, his first job was working for the U.S. Department of Homeland Security quantifying terrorism risks and identifying mitigations to provide the best risk reduction for each dollar spent. Nick has spent his career working for a number of large companies, including Rackspace Hosting, Shoretel, Mitel, and Indeed, improving the security of both the infrastructure itself as well as the processes within the company. Hear Nick and 30+ Cyber Leaders May 10-11, 2022 Online or In-Person