Writing Cyber Policies that Aren't Miserable for Everyone
Nick Leghorn, Director of Application Security, The New York Times
Nick's Session 1: Writing Policies That Aren’t Miserable for Everyone Involved
Every organization has policies, and for good reason. Consistent decision making, standardized approaches, and clearly defined roles and responsibilities makes sure that everyone understands how to interact with different teams to get things done. Policies are good but almost everything about the way we commonly do them is an awful experience, from the team that has to draft this monstrosity of legalese, to the long and drawn out approval process where arguments about commas last long into the night, to the poor engineers who need to bring it to an oracle to decipher it so they can do their jobs.
Rather than sticking with the status quo, Indeed is trying a new approach to policy documentation that aims to reduce all of these pain points and make policies a legitimately useful document for everyone in the business, from upper management to legal and even engineering teams, all while maintaining compliance with applicable laws and regulatory frameworks.
Nick Leghorn runs the Security Governance, Risk Management, and Compliance team within Indeed. In this talk he will go over the high flying inspiration for their approach to policy documentation, walk through how to craft a BYOD policy in five minutes flat, and talk about some success stories where their document format helped increase productivity and reduce demand on the compliance team.
Nick's Session 2: Building a Security Team that Never Says “No”
Hear Nick and 30+ Cyber Leaders May 10-11, 2022 Online or In-Person
Nick Leghorn is the Director of Application Security at the New York Times. After graduating from Penn State University with a degree in Security and Risk Analysis, his first job was working for the U.S. Department of Homeland Security quantifying terrorism risks and identifying mitigations to provide the best risk reduction for each dollar spent.
Nick has spent his career working for a number of large companies, including Rackspace Hosting, Shoretel, Mitel, and Indeed, improving the security of both the infrastructure itself as well as the processes within the company.
Hear Nick May 10-11 2022 Register for Austin Cyber Show Zoom Events
Join US and Canada cyber community members at the inaugural Austin Cyber Show Conference at Concordia University Texas, May 10-11. During the two-day cyber defense conference, participants can engage in discussions with peer leaders and industry experts on the cyber risks and challenges that businesses, leaders, developers, educators, and students face each day. Attendees will walk away with new insight and leadership lessons learned to defend against ransomware, phishing, and data exfiltration attacks. Five Cyber-By-Fire Skill Certificates are available to earn at the event and via Zoom Events online for 30 days afterward. Certain Zoom Event features only work in US/CAN.