Loading…
Welcome to OWASP AppSec 2018 USA we look forward to seeing you in San Jose, CA
Friday, October 12 • 1:30pm - 2:05pm
Security Culture Hacking: Disrupting the Security Status Quo

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
This session is an exploration into the world of security culture hacking. In the wake of the "data breach of the day", organizations claim they are more serious about security. The truth is that many still have weak security cultures. At the end of the day, how much actual security culture change occurs post-breach? The answer is not enough. This session describes how to change security culture from the inside out, utilizing best practices and real-world examples. With security culture disruption, the security team attempts to impact employees through positive security learning and experience.

The session begins by introducing the audience to the concepts of security culture and security culture hacking and then explains the security status quo. Security culture hacking is the skills and creativity necessary to disrupt an existing culture and redirect it towards a more secure future. Security status quo is the idea that companies move in a herd mentality and believe that their security must only be an average of their peers. To prove this point, we profile some anonymous organizations based on their external security story versus reality. Next, we'll discuss what makes a good security culture hacker, including the skills required for success in this type of endeavor.

The middle of this session includes a how-to of hacking security culture. Each section includes various tips and stories from real life experience about how to influence security culture. The phases of security culture improvement are explored, including awareness, big learning, and community. In addition, a discussion of organizational reach, marketing, rewards, recognition, and metrics surrounding security culture improvement are explored. It's time to make security fun.

At the conclusion, a plan is laid out for how a learner could put true security culture change into practice in their organization. Audience members receive a 30-60-90-1-year plan for how to implement true security culture change. 

Speakers
avatar for chris_romeo.1y2dtviu

chris_romeo.1y2dtviu

Security Journey
Chris Romeo is CEO and co-founder of Security Journey where he creates and deploys security culture influencing training, consults, and speaks. His passion is to bring security culture change to all organizations large and small through the creation and design of gamified security... Read More →


Friday October 12, 2018 1:30pm - 2:05pm
Regency 2
  • NEW FIELD 1 Track 2