Are We Secure?: How To Answer The Unanswerable

Justin Berman

Security teams measure themselves every day. CISOs struggle to evaluate the health of their programs and end up relying on metrics that mean very little. This talk is all about how to take an activity that feels like a waste of time, and use it to have a real picture of the health of your program, and to drive accountability throughout the organization. We want to do this while pushing more and more ownership to the team for the outcomes and rely less on the traditional centralized decision models. You'll learn what a meaningful measurement is, some thoughts about how to implement this in your organization, and how this will make your work better, and allow you to focus more clearly on what matters to reduce risk.

Speakers Bio: Justin Berman is the CISO of Zenefits, but he’s not your typical CISO. Justin thinks very deeply about security concepts and processes that most take for granted. Reflecting on every detail of his program allows him to make more informed decisions where it matters most. Justin cares genuinely about the wellbeing of his team and the efficacy of his program. In a previous life, Justin was a professional photographer and a professional chef.