BSidesCharm 2022 - Extortion, Chaos and Needless Busywork AKA Vendor Risk Management

Trends in the security and compliance include increased attention to the security posture of critical vendors known as Vendor Risk Management. This has led to the proliferation of third-party risk rating vendors, unwieldy questionnaires, and processes. This talk dives into real-world issues created by this rush-to-rate frenzy and discusses rational solutions for effectively rating vendor risk.

Jim Nitterauer (@jnitterauer)

Currently Director of Information Security at Graylog, Jim and his teams are responsbile for IT Services, Security and Compliance across the organization. He holds the CISSP and CISM certifications in addition to a Bachelor of Science degree with a major in biology from Ursinus College and a Master of Science degree with a major in microbiology from the University of Alabama. He is a 2000 graduate of Leadership Santa Rosa and a 2001 graduate of Leadership Pensacola. He is well-versed in ethical hacking and penetration testing techniques and has been involved in technology for more than 25 years. Jim has presented at NolaCon, ITEN WIRED, BSides Las Vegas, BSides Atlanta, BSides San Francisco, CircleCityCon, DEF CON, DerbyCon, CypherCon, HackerHalted, Blue Team Village, Blue Team Con and several smaller conferences. He has presented training classes at CircleCity Con and BSides San Francisco. He is a regular contributor to the Tripwire Blog. He regularly attends national security conferences and is passionate about conveying the importance of developing, implementing and maintaining security policies for organizations. His talks convey unique and practical techniques that help attendees harden their security in practical and easy-to-deploy ways. Jim is a senior staff member with BSides Las Vegas, a member of the ITEN WIRED Planning Committee and the President of the Florida Panhandle (ISC)2 Chapter. He served as President and CEO of GridSouth Networks, LLC, a joint venture between Creative Data Concepts Limited Inc. and AppRiver, LLC., and founded Creative Data Concepts Limited, Inc. He stays connected with the InfoSec and ethical hacker community and is well-known by his peers. In addition to his work at Graylog, he devotes his time to advancing IT security awareness and investigating novel ways to implement affordable security controls. When not at the computer, Jim can be found working out, playing guitar, traveling or just relaxing with an adult beverage.