Content provided by Ward Balcerzak. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Ward Balcerzak or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.

Are you building a data security program that truly works or just checking the boxes for compliance?

In this episode of Guardians of the Data, Matthew Gonzales, Director of Data Security Engineering, shares what it really takes to build and sustain an effective data security program. Drawing from his 20 years of experience, Matthew stresses the importance of having a structured data security strategy, incorporating business objectives, control frameworks, and operating models. The conversation dives into the nuances of stakeholder engagement, effective communication, and proactive governance. Matthew also shares insights from his own journey in the industry, emphasizing the need to align data security practices with evolving technologies like AI. This episode serves as a comprehensive guide for organizations looking to fortify their data security frameworks.

Takeaways:

  • Define a Clear Vision and Mission for Data Security: Start by establishing a vision and mission that aligns with your organization’s broader goals. This sets the tone and direction for your data security program.
  • Set Specific Business Objectives: Identify concrete goals, such as global deployment of DLP or minimizing friction for end users, to guide your program’s efforts.
  • Establish a Control/Capabilities Framework: Clearly outline what is in scope for your data security program to avoid overlap and friction with other teams (e.g., cloud security, IAM, networking).
  • Develop a Robust Operating Model: Map out how your program will operate, including who needs to be involved (cybersecurity peers, legal, HR, privacy, infrastructure, etc.). Use tools like RACI matrices to clarify roles and responsibilities.
  • Engage Stakeholders Early and Often: Identify key stakeholders, blockers, and influencers. Bring them together to present your strategy, gather feedback, and secure buy-in.
  • Maintain and Update Your Operating Model Regularly: Don’t let your operating model get stale. Update it proactively (ideally monthly or quarterly) to reflect organizational and technological changes.
  • Foster a Culture of Self-Service and Openness: Encourage employees to ask questions and seek guidance on data handling. Success is when people proactively reach out for advice.

Quote of the Show:

  • “Without a good program, you’re kind of lost in the dark, fumbling around trying to find a light switch.” - Matthew Gonzales
