Cyber Security Summit 2024

Today I spoke at the 14th annual Cyber Security Summit! My talk, Security Differently, was a slightly shorter version of the one I gave at Secure 360.

I enjoyed presenting in the main ballroom, and got positive feedback from attendees afterwards - I only wish I had more time to answer questions!

Here is the link I shared in the QR code at the end: https://bento.me/jbenninghoff.

Session Description

Cybersecurity, especially traditional security, has stagnated; adding security controls has appreciably improved outcomes and we continue to struggle with basic problems like vulnerabilities. Safety faced a similar problem 10-15 years ago; scientists and practitioners saw that safety outcomes were stagnant and concluded that the traditional method of avoiding accidents through centralized policies, procedures, and controls was no longer driving improvements.

I believe we’re seeing the same thing in security: historically, we’ve focused on constraining worker behavior to prevent cybersecurity breaches, and the limits of that approach are becoming increasingly clear. Adapting concepts from Safety Differently and Safety II offers a solution, by supporting success and focusing on positive capacities. In this talk, I will present practical advice on how to create a security program based on modern safety principles using evidence from both security and safety, and how it changes the role of the security professional.

Slides

My slides with notes, including references, are here.

Video

The talk was recorded, and I will post a link when it becomes available!