This talk will discuss real world techniques for implementing and optimizing a security program that we call RADIO(Recon, Analyze, Develop, Implement, Optimize). Conventional wisdom has historically presented guidance that works well in textbook scenarios or for very large companies but often does not integrate well with small to medium size companies. Our Five Step approach aims to provide more reasonable guidance for small to medium size companies or those organizations with operational models that might not lend themselves well to traditional methods.