The presentation discusses the challenges faced by security professionals in protecting organizations against cyber threats and the need to align security missions with business goals.
- The increasing size and scope of technology pose a threat to security professionals
- Security professionals need to align their mission with the business units they serve
- Offensive capabilities alone cannot protect an organization
- The skills gap in the cybersecurity community is a global problem that needs to be addressed
- Diversity in team backgrounds and skillsets can help solve the skills gap
- Internships can provide a source of new ideas untainted by company politics
- Security professionals need to provide business education to their teams
The speaker emphasizes the need for security professionals to align their mission with the business units they serve. Security is often viewed as a cost center rather than a profit center, and therefore security professionals need to work with other business units to make money for the company. The speaker warns against security nihilism, which argues that if a system is not super secure against unrealistic attacks, it should not exist. However, making things more difficult for attackers has value, as it can cost them money to send spam or force them to burn a 0-day to gain access to data. Balancing risk is crucial in protecting organizations against cyber threats.