Successful defense occurs when the interests of a security team's stakeholders intersect with the attackers actions. This session provides a three-part management methodology to enable defense-in-depth through effective stakeholder and threat management. Internally, the method models the political power of our target audience, the audience coverage of our message, the timing, and the benefits used to influence our audience. Externally, the method models the attacker's objectives, tactics, techniques, and mitigating controls. Using this story-driven security methodology, we can identify what our allies need, identify what our attackers want, and build business cases to satisfy one while thwarting the other.
J Wolfgang Goerlich supports information security initiatives in the healthcare, education, financial services, and energy verticals. As Vice President of Consulting Services for VioPoint, Wolfgang leads an information security team specializing in managed services and penetration testing.