How can we transform security audits from routine checks to strategic assets?
In our latest Super Cyber Friday event, "Hacking Security Audits: An hour of critical thinking of how to improve this vital process," we examined the effectiveness of current security audits, explored the possibility of innovation within the auditing process, and discussed the potential of automation in modernizing audits.
Joining us for this discussion were Leith Khanafseh, managing director of assurance & compliance products at Thoropass, and Rose Songer, CISSP, director of IT and compliance at Spring Health.
HUGE thanks to our sponsor, Thoropass
Watch the full video here:
Join us next Friday (01-26-24) for Super Cyber Game Show Friday
Please register for next week’s (01-26-24) Super Cyber Game Show Friday, where the entire event will be packed with cyber games.
Did you know that we have an events calendar? Visit our events page to subscribe so you can stay up to date on Super Cyber Friday and other CISO Series content.
Best quotes from our guests
“I’m seeing organizations embracing audits and the value that they have. There’s creativity there. Technological integration helps time management, but the integration is on the business side.” - Rose Songer, Spring Health
“Developing a partnership with your auditor is important to ensure subsequent years of successful audits. Some people think auditors come in trying to find the bad things you’re doing. The majority of audits want to help companies improve their security and compliance posture.” - Leith Khanafseh, Thoropass
“I spend a lot of time curating relationships across the organization. Controls are controls. But there is a lot of value building rapport with stakeholders. If I understand their pain points, I can make their lives easier from a compliance perspective. You need to calibrate to their pain points.” - Rose Songer, Spring Health
Quotes from the chatroom
“Tie audit requirements to business initiatives and objectives” - Dr. Dustin Sachs, DCS, CISSP, CCISO, senior manager, information security risk management, World Fuel Services
“Know your critical SMEs and get their walkthrough meetings scheduled first. Bonus if you can combine multiple topics if it's the same person who owns multiple processes” - Kade Hennings, information security analyst, staff, Code42 (acquired by Mimecast)
“Ensure your KPIs are in-line with the auditor's / framework requirements.” - Brian Colt, head of IT and security, DASH Financial Technologies
“Don't let a bad audit ever go to waste. Use the findings as rationale for your security budget.” - Duane Gran, director of information security, Converge Technology Solutions Corp.
Security Architecture Engineering Enablement
9 months ago
I still regurgitate (from Friday) David Spark that we delineate an audit with a verb or noun.