Ep075: Beyond Compliance: Crafting Effective Security Culture with leaders from Clumio, Mongo DB, Symphony and AWS

From hard-coded credentials to boardroom buy-in, join four tech security leaders from Clumio, Mongo DB, Symphony and AWS, as they unpack how building the right security culture can be your organization's strongest defense against cyber threats.

Topics Include:

• Security culture is crucial for managing organizational cyber risk
• Good culture enables quick decision-making without constant expert consultation
• Many security incidents occur from well-meaning people getting duped
• Panel includes leaders from AWS, Symphony, MongoDB, and Clumio
• Measuring security culture requires both quantitative and qualitative metrics
• Board-level engagement indicates organizational security culture maturity
• Self-reporting of security incidents shows positive cultural development
• Security committees' participation helps measure cultural engagement
• Hard-coded credentials remain persistent problem across organizations
• Internal audits and risk committees strengthen security governance
• Public security incidents change board conversations about priorities
• Leadership vulnerability and transparency help build trust
• Being pragmatic beats emotional responses in security leadership
• Security programs should align with business revenue goals
• Customer security requirements drive program improvements
• Excessive security questionnaires drain resources from actual security
• Security culture started as exclusionary, evolved toward collaboration
• Financial institutions often create unnecessary compliance burden
• Early security involvement in product development prevents delays
• Security teams must match development team speed
• Trust between security and development teams enables efficiency
• Small security teams can support large enterprise requirements
• Vendor partnerships help scale security capabilities
• Process changes work better than adding security tools
• Security leaders need deep business knowledge
• Technical depth and breadth remain essential skills
• Evangelism capability critical for security leadership success
• Influencing without authority key for security effectiveness
• Crisis moments create opportunities for security improvement
• Socializing between security and development teams builds trust
• DEF CON attendance helps developers understand security perspective
• Bug bounty programs provide continuous security feedback
• Regular informal meetings between teams improve collaboration
• Building personal relationships improves security outcomes
• Modern security leadership requires balance of IQ and EQ

Participants:

• Jacob Berry – Head of Information Security, Clumio
• George Gerchow – Interim CISO, Head of Trust, Mongo DB
• Brad Levy – Chief Executive Officer, Symphony
• Brendan Staveley – Global Sales Leader, Security Services, Amazon Web Services

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon/isv/