Mario Platt
Governance, Risk Management and Compliance (GRC) has been largely stuck in the same way of doing things for decades. The rise of SRE and its methods and practices provides a unique opportunity for GRC functions to radically rethink their role and what would be better managed by SRE functions in keeping organisations secure: leveraging new ways to think about operational risk, being able to answer "how much security?", and integrating the analysis of trade-offs and constraints that SRE has already figured out in the context of reliability. Security needs that too.
With over 20 years of security experience, and with roles spanning penetration testing, operations, engineering and Governance, Risk Management and Compliance, Mario is known for his strategic thinking and pragmatic approaches, often bridging the communication gap between technical and governance professionals to enable real collaboration. Mario is the Director of GRC for LastPass and owns the blog www.securitydifferently.com, where he talks about different ways to think about security management.
author = {Mario Platt},
title = {How Can {SRE} Help Security Governance? Sub-title: How to Unstuck {GRC} with {SRE}},
year = {2022},
address = {Amsterdam},
publisher = {USENIX Association},
month = oct
}