Building a Data-Driven Security Strategy

Explore a comprehensive approach to data-driven security strategy in this 40-minute conference talk from RSA Conference. Learn how to align security initiatives with organizational vision, define strategy through mission-supporting plans and projects, and implement a practical security strategy. Gain insights from Gabriel Bassett, Senior Information Security Data Scientist at Verizon, on minimizing organizational friction and optimizing resource utilization. Discover various strategy options, including Reactor, Obsidian, Risk, and Compliance approaches, and understand how to apply the NIST Framework. Walk through an end-to-end example demonstrating the process of building and implementing a data-driven security strategy, equipping yourself with the knowledge to enhance your organization's security posture from CISO to engineer level.

Introduction
What is a strategy
Transition from objectives to security controls
Strategy definition
Measures
Machine That Won
Security Decisions
Reactor Strategy
Obsidian Strategy
Risk Strategy
Compliance Strategy
NIST Framework
Demonstration
Conclusion