PRIDE for cyber decision-making
Transparency about security-related data collection
GDPR: security vs. privacy
Consider risk avoidance first
Automatic expiration of data access
3rd party data handling
Is your security project adding value?
Data privacy metrics
3 types of data privacy frameworks
Risk appetite descriptions
Policy enforcement
Is compliance even possible?
Leveraging media interviews for broader exposure
Specialist vs. generalist consultants
Building in public
Working with security consultants
Not all risk is cyber risk
Project management and security policies
Breach notification
Prioritization at scale
Published vs. unpublished vulnerabilities
Competing cybersecurity priorities
Tabletop exercises
Standard operating procedures (SOP)
AI-powered code remediation
Resources are always limited
Prioritize risk by ROI
Cyber risk isn't the only risk
Cyber risk quantification case studies
Describing risk in dollar terms
Proactive messaging about "shiny objects"
Communicating security to customers
Automated tests to evaluate patching
Patch by ROI
Security is context dependent
Avoid aspirational security policies
ROI of risk mitigation
Quantitative risk analysis in budgeting
IoT vulnerability prioritization
Smart risk acceptance
OODA loop for cyber decisions
Cloud audits - pick a framework
70% decisions
Cloud audits and misconfigurations
Vulnerability management and incident response
Scaling vulnerability scanning
Testing policies and procedures
Four horsemen of risk management
Business leaders as risk deciders
Root cause of ineffective policies and procedures
Managing risk to maximize ROI
Communicating with executives using ALE
Sensitive data generation and trade secrets
Intellectual property protection with AI training
Amazon's $1,401,573 loss from ChatGPT data leakage
Cost-effective data security through deletion
Value of cybersecurity projects
Auditing conflicts of interest
Mapping your cloud environments
Misconfigurations vs. vulnerabilities
Cloud vulnerability disclosure programs
GDPR as a benchmark
Communicating with vendors about data security
3 tools/techniques to protect data privacy
Mapping data flows for privacy
CVSS not good for risk-based patching
People > process > tools
Training teams to deal with AI security risks
Monitoring AI models
Security implications of AI model types
Data classification in AI security
Adapt or die
AI isn't magic
Securing AI
Best practices in AI security
Avoid patching downtime
Risk avoidance by deletion
Patching systems without over-the-air updates
Responding to zero-click vulnerabilities
The most secure email is no email at all
Threat modeling - unknown unknowns
Vulnerability scanning - hypothetical
Vulnerability scanning limitations - scope
Vulnerability scanning limitations - false positives
Vulnerability scanning limitations - reporting and analysis
Open source software - fixing vulnerabilities
Open source software - scanning frequency
Open source software - unknown vulnerabilities
Open source software scanning - overview
Cybersecurity framework - external communication
Cybersecurity framework - metrics
Cybersecurity framework - policies and procedures
Cybersecurity framework - decision maker
Cybersecurity framework - business needs
Data privacy best practices - classification
Data privacy best practices - AI tools
Data privacy best practices - minimization
Vulnerability disclosure program - benefits
Vulnerability disclosure program - bonus points
Vulnerability disclosure program - best practices
Vulnerability patching - context
Vulnerability patching - CVSS
Vulnerability patching - severity
Incident response - escalation
Incident response - regulated industries
Customer collaboration - shared security models
Customer collaboration - trust centers
Data security tools - governance first
Security metrics - showing value
Security metrics - MTTR
Data breach notifications - timeliness
Privacy frameworks - certification vs. legislation
Vulnerability disclosure programs - internal applications
Vulnerability disclosure programs - communication
Vulnerability disclosure programs - security.txt
Vulnerability disclosure programs - payment
Data security strategy - retention and deletion
Cybersecurity policies - goals
Cybersecurity policies - ownership
Cybersecurity policies - communication
Cybersecurity policies - compliance
Cybersecurity policies - changes
Cybersecurity policies - benefits
Cybersecurity costs and benefits - quantification
Cybersecurity reporting - verifying accuracy
Cybersecurity gap identification - “unknown unknowns”
Cybersecurity gap identification - remediation
Penetration testing - communication
Vulnerability scanning and remediation - prioritization
Vulnerability scanning and remediation - mitigation
NIST CSF vs. ISO 27001 - comparison
NIST CSF - mapping to other standards
GDPR data minimization - collection
CVEs - considerations
CVEs - risk
CVEs - process improvement
Cybersecurity crises - process improvements
Freelance security consulting - how to niche
Freelance security consulting - portfolio
Freelance security consulting - marketing
Freelance security consulting - invoicing
Cloud security trends - SaaS prisoner’s dilemma
Reporting Penetration Test Findings - Formats
IT asset risks - prioritization
Cybersecurity costs and benefits - tradeoffs
Managing cybersecurity risks - appetite
Managing cybersecurity risks - alternatives
Managing cybersecurity risks - assessment
Cyber threat intelligence - prevention
Cybersecurity audits - documentation
Cybersecurity frameworks - assessment
Software security - assess risks
Cybersecurity industry standards - contrarian
Third-party audits - benefits
Third-party audits - contrarian
© StackAware. All rights reserved.