Minimum viable security: reaching a realistic SMB security maturity?

Thursday 5 October 14:30 - 15:00, Red room

Claus Cramon Houmann (Peerlyst)

Through my time as CISO for a small bank - where security was non-existent when I first started there as a consultant - I discovered how regulatory and compliance requirements drive budgets in the financial industry. I also learned along the way that more was needed to give SMBs a real chance, and I learned that all the expensive toys you hear people talk about on Twitter or at conferences are often simply not possible on an SMB budget. So my team and I focused on the basics and getting good at them, and over a period of 3+ years we built a defensive posture that I am proud of. I have built a framework around this defensive posture called "Minimum Viable Security" - controls, mitigations and procedures that anyone can realistically put in place with even a small team. This framework represents the level of defence you can expect any SMB to be able to put up, but still falls horribly short of what you would want a real defensible infrastructure to be able to put up. I will discuss why SMBs can probably never be expected to go much above this and the reality in which SMBs live.



Claus Cramon Houmann

Claus is a former bank CIO and CISO, who is now working as a community manager for Peerlyst Inc., a website dedicated to building a repository of knowledge for all information security professionals to help defenders everywhere do their jobs better, faster.

Claus is a volunteer for I am the Cavalry and spends most of his time trying to make connected things and companies safer and more secure.


