In this episode we review the lessons of this year’s Black Hat and DEF CON. In particular, we talk about how things have changed with the students we have in class, now that we’ve racked up over 5 years of running trainings on cloud security.
Mike and Rich discuss the ugly reality that GDPR really is a thing. Not that privacy or even GDPR are bad (we’re all in favor), but they do require extra work on our part to ensure that policies are in place, audits are performed, and pesky data isn’t left lying around in log files unexpectedly.
With the continued challenge of detecting attacks and the increasing focus on detection and response, it's time to take a step back and make sure that efforts (and investments) are made with an eye towards a more strategic means of deciding how to allocate scarce security resources and which alerts get which priority. In this paper, we present our ideas around achieving true enterprise visibility, what role analytics plays in the decision-making process, and finally how to Evolve to Security Decision Support.