Purplecon 2019 mikala easte, risk management without slowing down, https://purplecon.nz/talks#mikala-easte, https://www.youtube.com/watch?v=2S6acN_QY_Y&list=PLS45xFo74VF546tbfXXtKDO03cVrAalM6&index=13&t=0s

most organisations start out relying on people and their expertise when making decisions, but this doesn't scale well and leads to bottlenecks and pain. larger corporates rely on processes, controls and systems, but these can overwhelm smaller companies. i'd like to share some thoughts on how to set up lightweight risk management processes to empower teams to make informed decisions and not just rely on what the security person thinks of it.