Escape the Questionnaire Quagmire: A thoughtful approach to addressing security inquiries from customers and prospects

BSidesLV 2019

Presented by: Katie Ledoux
Date: Wednesday August 07, 2019
Time: 14:00 - 14:25
Location: Common Ground

Effective third-party security risk management requires collecting a significant amount of information from vendors. That information gathering process often starts with the customer sending the vendor a lengthy infosec questionnaire.

Katie’s team was on the receiving end of those questionnaires, and the significant time and effort required to complete them interfered with progress on imperative security projects. To address this problem, the team created documentation and a new process that lessened their workload, reduced sales cycle friction, and gave customers increased visibility into Rapid7’s security program. Katie will share her approach, the lessons she learned along the way, and the metrics she used to measure success, ensuring you leave this session ready to apply these strategies at your organization.

Katie Ledoux

Katie Ledoux the Manager of Trust and Security Governance at Rapid7 in Boston, Massachusetts. Her team is responsible for security risk management, security compliance, security awareness training, security policy development and exception management, business continuity plan and IR plan development and testing, and access recertification. She has also contributed to projects in data privacy and responsible vulnerability disclosure. You can find her on Twitter @kledoux.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats