The threat landscape a mighty beast in and of itself -- vast and, perhaps more importantly, constantly changing. In this episode, Brian chats with industry thought leader John Pironti about using threat and security models to consistently monitor landscapes, test scenarios, and why you should prioritize risk management.
I don't believe you can do security until you understand risk. And when I go speak to an executive I never talk to them about security first. I talk to them about risk management first. As in let’s talk about what risk appetite we have, what's our profile, what's acceptable, what are you comfortable with, what's okay for you and then I'll build you instrumentation models and security controls and things like that, that will ensure that we're monitoring to that level of comfort, to that level of capability. We're supporting you in that way and we're demonstrating you with data in a way that you can correlate and say, yes I see how these controls are actually helping me. They don't need to understand how our firewall works, they don't understand how encryption works in detail, how then correlation works, how threat modeling works. They just need to understand principally at a high level.
We will never sell or distribute your information.