Our monthly AMA on r/cybersecurity on Reddit has begun!
Our topic is “I’m a security professional who transitioned our security program from compliance-driven to risk-based. Ask Me Anything.”
For this edition, we’ve assembled a panel of CISOs and security professionals to talk about a transformation many organizations struggle with: moving from a compliance-driven security program to a risk-based one.
They’ll be here all week to share how they made that shift, what worked, what failed, and how to align security with real business risk — not just checklists and audits.
Please ask questions for our participants here.
This week’s participants are:
David Cross (u/MrPKI), CISO, Atlassian
Kendra Cooley (u/infoseccouple_Kendra), senior director of information security and IT, Doppel
Simon Goldsmith (u/keepabluehead), CISO, OVO
Tony Martin-Vegue (u/xargsplease), executive fellow, Cyentia Institute
Thanks to all of our participants for contributing!