The Hacker’s Guide to Risk Management: Evolve Into a Golden Unicorn | Jaclyn (Jax) Scott
🔗 Join us in-person and virtually at our Wild West Hackin' Fest: information security conferences — https://wildwesthackinfest.com/
🔗 Register for Infosec Webcasts, Anti-casts & Summits. – https://poweredbybhis.com

In this session, we’ll decode the mystery of risk management and why it matters to hackers and red teamers. You’ll learn how the vulnerability tools you already use—like Snyk and Qualys—fit into risk management plans and how to level up your skills to communicate risks effectively to leaders and stakeholders. Plus, we’ll break down how to read workpapers and understand the fundamentals of control assessments, demystifying processes that are critical for effective risk mitigation.

This session is packed with actionable insights and practical takeaways—so bring your A-game and get ready to rock and roll. Join me to hack risk management, elevate your career, and become the Golden Unicorn that every organization needs. It’s time to own the spotlight and prove that hackers can lead the way in managing risk with innovation and technical excellence.

00:00 - Overview
01:25 - WhoAmI Intro
02:12 - What is Risk Management?
02:52 - Tools to track vulnerabilities
03:36 - Risk definition
04:10 - Risk vs Vulnerability
05:45 - Why do a risk assessment?
07:14 - Why GRC is important
07:59 - How to read Workpapers
09:41 - What to ask
10:25 - How to think of OKRs
12:02 - Business Impact Analysis
12:32 - How much will this cost?
14:06 - Q&A - Deeper view of threat environment?
15:19 - Q&A - A Golden Unicorn discusses Workpapers
19:14 - Q&A - BIA and Gap Analysis
22:03 - Q&A - Certifications
25:17 - Q&A - What is hacking? Understanding the system.
26:36 - Q&A - NIST training for technical people
26:57 - Q&A - Breaking bad news to technical people
28:34 - Q&A - Security as a cost center?
29:31 - Q&A - Discovering vulnerabilities in third-party vendors
30:10 - Q&A - A pentester tells how they got results - documentation and patience
32:35 - Q&A - How to get businesses to formally accept the risk?
34:03 - Q&A - Necessity of Security Champions
36:11 - Q&A - Qualitative vs quantitative analysis

Join us at the annual information security conference in Deadwood, SD (in-person and virtually) — Wild West Hackin' Fest: https://wildwesthackinfest.com/