Explore strategies for navigating the complex interplay between regulation and security in heavily regulated industries through this conference talk from BSidesSF 2017. Learn how security teams can overcome bureaucratic, compliance, and political challenges to achieve their security goals. Gain insights from real-world examples spanning major US industries, covering topics such as HIPAA, compliance automation, risk management, and dealing with conflicting directives. Discover practical approaches for driving change, implementing test-driven development, and managing multiple platforms while balancing regulatory requirements and security objectives.