May 9th, 2025 meeting

DATE: May 9th, 2025
TIME: 2:00pm to 4:00pm (PDT)
VENUE: Hybrid Zoom Online meeting & In-Person at Sophos Inc. (Map)
TOPIC: Death of Security Through Obscurity in the TPRM Process
PRESENTER: Kevin Qiu
RECORDING:
For those attending in person, please take the elevator to floor 15.

ABSTRACT

Kevin is excited to share his knowledge on the role of third-party risk management (TPRM) in the information security industry. He will take the audience on a journey through how we all arrived at the lovely world of 1000-row questionnaires. From the beginnings of security compliance in the late 1990s to the rise of AI-specific security questionnaires, Kevin will discuss how the industry has changed its approach to reviewing external vendors over the years. A veteran of answering hundreds of thousands of security questions of all kinds, he will provide an overview of how the industry has moved from NDA-heavy, painful RFP processes to much more transparent and accessible trust centers. His hope is that by the end of the presentation, you will have new ideas and thoughts on how you can streamline your own organization’s TPRM processes, as sellers and/or buyers. You may even be inspired to create a public trust center of your own!

BIOGRAPHY

Kevin Qiu is a seasoned information security professional with a decade of experience securing companies in various verticals. He is currently the first security hire at the Series B company Shiftsmart. Prior to this, he spent 3 years helping organizations of all sizes build out trust centers to streamline the security review process. He is also an advisor to a multitude of security startups and enjoys mentoring individuals looking to break into the security industry.

March 14th, 2025 meeting

DATE: March 14th, 2025
TIME: 2:00pm to 4:00pm (PDT)
VENUE: Hybrid Zoom Online meeting & In-Person at Sophos Inc. (Map)
TOPIC: The Softer Side of Risk: How Knowing People & Culture Can Help You
PRESENTER: Jason Leuenberger
RECORDING:
The speaker will be virtual (not present at Sophos). For those attending in person, please take the elevator to floor 14.

ABSTRACT

Ever noticed how nobody likes ice-cold butter on warm toast? That’s the perfect metaphor for how many organizations approach risk management – cold, rigid frameworks meeting warm, complex human systems. This talk challenges traditional GRC programs that ignore the human element, even though risk is part of our daily decision-making. We’ll propose a more nuanced approach that blends relationship dynamics, systems thinking, and cultural awareness to create programs that actually stick. Since dramatic transformations are rarely achievable or sustainable, we’ll focus on consistent 1% gains, knowing when to lean on numbers and when to address underlying fears and metaphors. We’ll pull insights from social science and psychology to help navigate the balance between art and science in risk management, transforming it from a dreaded necessity into something people and teams will embrace.

BIOGRAPHY

Jason was previously the global Head of GRC for Starbucks and is now a certified Leadership & Team coach. He brings 20+ years of experience in cybersecurity, risk management, GRC, and privacy to his work with people in high-stress roles. Day to day, he works with leaders and teams on their development goals, helping them identify the obstacles in their way and then working to break free from anything limiting them. He applies coaching and the social sciences to risk management work with people and teams, recognizing the most powerful component of managing risk: the human beings involved in making those decisions.