BSidesSF 2018 has ended
Sunday, April 15 • 11:00am - 11:30am
Starting a security program: Thrills and Spills

Building a security program sounds exciting and exhilarating. Security practitioners tend to focus on technology and policy skills in preparation for such an opportunity. But developing good emotional intelligence is critical for the role of security program builder.

Why would the engineering team dedicate cycles to turn on find-sec-bugs, resolve all findings and then be willing to fail the build pipeline on errors? Why would the product team design strong authentication mechanisms that could negatively impact the user registration funnel? How do you identify and engage key personnel in incident response tabletop exercises? How do you rally company resources to resolve the findings of penetration tests? What would encourage employees to report issues and help investigations without fear of blame or shame?

This presentation discusses the journey of the first security engineer at Lyra Health, who had the prerogative and responsibility of setting the security aspirations for management, employees and customers. With that one engineer focused on security and supported by a flourishing culture of shared responsibility, Lyra Health achieved HITRUST compliance in the first year of the security program and continues to satisfy stringent requirements from customers.

The key to achieving such cohesion at Lyra Health was an emotional awareness of the purpose, process and demands of each team. With that understanding in place, security gets invited early to projects, participates creatively in problem solving and contributes as a determined enabler of the company's collective success.

Poornaprajna Udupi

CISO, Lyra Health, Inc.
Poornaprajna is currently the CISO at Lyra Health, responsible for Security, Compliance, Cloud Infrastructure, IT and facilities. Previously, he managed product and application security at Netflix, developed scalable, multi-tier, web systems for cloud security and API development...

Sunday April 15, 2018 11:00am - 11:30am PDT