Somewhere between the down in the trenches day to day operations of IT security and the high level, watered down strategies consumed and regurgitated by the CxO community, there lies some ground truths in what’s occurring in the information security universe.
“What’s the best firewall to buy?” and “How to I configure it?” aren’t as important questions as “What does a firewall really buy me given the current threat environment?” Conversely “What percentage of my IT budge is spent on security?” isn’t as important as “Am I spending my money in a manner that protects my assets as effectively as required for my business?” and “How have I adapted from the ‘defend everything’ to ‘accept compromise and worry about detection and mitigation’ mindset?”
It’s easy to get caught up in the weeds of the currently state of infosec. It’s a highly dynamic field and the specific threats and products change daily. However, the ground truth of what’s really going on changes much more slowly. By paying attention to the important truths of IT security, you can focus on the important aspects of securing what you really care about and not get lost in the details that simply waste time and cloud the real problems.
 

Back to Derbycon 2011 video list