Removing the B.S. from Third-Party Risk Assessments – Merike Kaeo – CFH #21
Risk assessment questionnaires are a standard practice when evaluating current or prospective third-party partners. And yet some folks may justifiably ask: How valuable are these questionnaires if there are no consequences for fudging your answers, or even outright lying? This session will examine common weaknesses and oversights in the third-party assessment process, while recommending how to improve vendor transparency by obtaining key documentation, asking the right questions, and enforcing regulations.
Merike Kaeo is a vCISO at Double Shot Security, which provides corporate governance and executive strategies to secure global organizations. In prior roles, Merike held positions as CISO at Uniphore, CTO of Farsight Security and CISO for Internet Identity (IID). Her foray into security started when she instigated and led the first security initiative for Cisco Systems in the mid 1990s and authored the first Cisco book on security, Designing Network Security, which was translated into multiple languages and leveraged for prominent security accreditation programs such as CISSP. She is a passionate advocate for practical security measures and driving industry change to create a culture of integrity, responsibility and accountability.
Merike has served on the FCC’s Communications Security, Reliability, and Interoperability Council (CSRIC) and since 2010 has been a member of ICANN’s Security and Stability Advisory Committee (SSAC). She served a one year term on the ARIN Board of Trustee and a 3-year term as the SSAC Liaison to the ICANN Board. Merike earned a MSEE from George Washington University and a BSEE from Rutgers University.
Pricing Practices That Fit the Bill – CFH #21
A great many MSSP security professionals are truly passionate about making the digital world a safer place for businesses and their users. But at the end of the day, it is still a business, and good cybersecurity isn't free. And therein lies the strategy around pricing: What pricing models work best for your organization and appeal most to your customer base? And how do you ensure that your pricing policies are fair and transparent? This session will examine the key considerations and best practices around pricing and billing.
