BSidesTO 2015 - Max Cizauskas - Weaving security blankets

Vendors have controlled the information security tool-set conversation for too many years and we recognize now that the agenda they've been pushing on us hasn't gotten us any closer to being more secure in the long term. Research firms and third party comparison groups pit tools against tools, and respectable organizations speak of a 20 to 35 product categories that are effective against the current landscape, but no one is going to map those capabilities against your organization's needs other than you. Break the cycle of being told what to buy by coming up with objectives that vendors need met. This talk is to spread the mindset that we are the vanguard of security industry, and that the only way to efficiently get what you need is to first go through a period of introspection and then hold others to measures that you come up with. Even though security tools come and go, threat actors increase and change, and the platforms your protecting migrate, you don't have to throw all that mind share away to start all over again; You apply the framework that meets your organization's objectives and retool to address the new landscape.