The information security space is awash in point technology solutions. As a defender, how does one choose where to spend a limited security budget when faced with this sea of choices? How can we minimize overlap within the highly dynamic toolset we already own, rationalize vendor relationships, and decommission tools that overlap or no longer justify their operating expense?
We are debilitated by too many choices and similarity of products in security where even experienced practitioners find it difficult to understand the rapid technological evolution and the trade-offs in play.
When clear objectives, goals, and decision-making criteria are not present, people often make buying decisions based on less scientific considerations: what they perceive “everyone else” is buying, unsubstantiated “gut feelings,” pre-existing relationships with vendors or sales individuals, or even who invites them to the best parties or nominates them for the most coveted industry awards.
The practice of information security is maturing rapidly. This transition to more scientific approaches to prioritizing security investments is becoming the standard to justify value. Security practitioners must embrace these mature approaches to strategic defense planning and resource allocation. This presentation will discuss ways to make the best choices to maximize defense coverage with appropriate resource allocation.