Metrics-driven Security: Remaking InfoSec in the DevOps Model?
Think Tank - 10:30 am - 10:50 am
CISOs are probably aware of Google's "Site Reliability Engineering" (SRE) initiative, which takes a software engineering approach to problem solving for operational challenges. Could those same DevOps-esque concepts be used to improve the delivery of information security services? Absolutely! This talk will explore some of the key concepts needed to stand up an SRE-based security engineering team:
Recognizing and reducing toil through automation
Establishing service level indicators and objectives that meet the needs of both customer and supplier
Driving continuous maturation and improvement of security service delivery through metrics
