“Defense In Depth” is considered by most to be a useless marketing trope that vendors used to sell you more boxes with blinky lights that showed you were “serious” about security. Forget that the boxes may or may not do what was advertised, may not provide usable data, or even fail open when they crap the bed.
Instead we decided to build The Perimeter. Higher walls, bigger locks, more money. That didn't work. The Perimeter Is Dead, Long Live The Perimeter!
So what do we do now? What amazing boxes with blinky lights do we need to convince our bosses to fund next quarter?
In this talk I will posit that, more than likely, you actually have (or can easily get) most (if not all) of what you need to create an effective, pragmatic, and resilient security program. I will show that by changing our thinking, our perception of “Fail vs. Win” we can provide real value to our business.