How Can SRE Help Security Governance? Sub-title: How to Unstuck GRC with SRE

Thursday, 27 October, 2022 - 14:45-15:30

Mario Platt

Abstract: 

Governance, Risk Management and Compliance (GRC) have been largely stuck in the same way of doing things for decades. The rise of SRE and its methods and practices provides a unique opportunity for GRC functions to radically re-think their role and what would be better managed by SRE functions in keeping organisations secure, by leveraging new ways to think about operational risk, being able to answer "how much security?" and integrating analysis of trade-offs and constraints which SRE already figured out in the context of reliability. Security needs that too.

Mario Platt

With over 20 years of security experience, and with roles spanning penetration testing, operations, engineering and Governance, Risk Management and Compliance, Mario is known for his strategic thinking and pragmatic approaches, often bridging the communication gap between technical and governance professionals to enable real collaboration. Mario is the Director of GRC for LastPass and owns the blog www.securitydifferently.com, where he talks about different ways to think about security management.

BibTeX
@conference {284663,
author = {Mario Platt},
title = {How Can {SRE} Help Security Governance? Sub-title: How to Unstuck {GRC} with {SRE}},
year = {2022},
address = {Amsterdam},
publisher = {USENIX Association},
month = oct,
}