Roger Grimes - What You're Doing Wrong With Your Defense and How to Fix It

Imagine two armies, one good and one evil, fighting a long war. The bad army is having success on the right flank of battle. In response, the good army puts more troops and resources on the left flank of battle or perhaps starts lining troops up vertically in the middle because they heard of a possible pending attack there. They do everything but put more resources on the right flank, and wonder why they are losing. This allegory perfectly describes most computer security defenses, which put the wrong defenses in the wrong places in the wrong amounts. It doesn't have to be this way. Learn how to use better risk and data analytics to craft a data-driven computer security defense, one that is more efficient and timely. Learn what is wrong with most defenses, how it got that way, and how to fix it. You can fight a better fight. Come and learn how! • The Problems • How It Got That Way • How to Fix It • How to Implement a Better Plan • Examples This Presentation was featured at BSides Columbus 2020 on August 21st, 2020