DeadEyeDan
NES Member
It’s a hard conversation to have about security today, leadership wants reassurance that they are protected... all you can honestly talk about is risk mitigation strategies. That you can’t really stop a dedicated and skilled attacker, you can make your organization a harder target and a less likely target of opportunity, reduced the scope of a breach, reduce the time to detection, increased your forensic abilities, and reduce you time to restore and recover... but you can’t always stop it and that’s what leadership wants to hear. But you still need ever increasing resources to even provide that much...