Playing Doctor: Lessons the Blue Team can Learn from Patient Engagement presented at BsidesCleveland 2016

by J Wolfgang Goerlich, Stefani Shaffer-Pond

Summary: At CircleCityCon 2015 in the presentation “Turn Your Head and Cough”, Nathaniel "Dr. Whom" Husted compared security architecture assessments to being a physician. The similarities run deep. Doctors struggle with patient compliance, complex and unclear problems, time and resource pressures, and succeed only when others carry out their recommendations. Doctors struggle all the time. In this session, we explore the field of patient engagement and discuss how doctors are trained to drive patient behavior. We will cover the metrics and reporting used to determine patient engagement. And at each step along the way, lessons will be shared for applying these ideas to information security. So the next time you present an IT compliance report, the next time you share your findings from a penetration test, or the next time you tell developers their code is weak, you’ll be ready to drive behavior and get results by playing doctor.