“Defense In Depth” is considered by most to be a useless marketing trope that vendors used to sell you more boxes with blinky lights that showed you were “serious” about security. Forget that the boxes may or may not do what was advertised, may not provide usable data, or even fail open when they crap the bed.
Instead we decided to build The Perimeter. Higher walls, bigger locks, more money. That didn't work. The Perimeter Is Dead, Long Live The Perimeter!
So what do we do now? What amazing boxes with blinky lights do we need to convince our bosses to fund next quarter?
In this talk I will posit that, more than likely, you actually have (or can easily get) most (if not all) of what you need to create an effective, pragmatic, and resilient security program. I will show that by changing our thinking, our perception of “Fail vs. Win” we can provide real value to our business.
Martin Fisher has been in IT for over 20 years and in information security for the last seven. He's worked in large and small companies in sectors ranging from commercial aviation to finance to (today) healthcare. He is passionate about “Doing Security Right” which means taking a hard pragmatic look at what you need, what you have, and what you need to do. Martin is also the host of The Southern Fried Security Podcast (www.southernfriedsecurity.com) and is known to be something of a Twitter whore.