top | item 43030994

(no title)

Security is about real risk reduction, not chasing whatever’s trendy - but that's what most security teams do and then complain about the results.

Most business functions are metric-driven. Security should be no different. The right approach: convert qualitative insights into hard data, then systematically drive that metric down.

It's not easy. It's hard work, but I've done it at 3 companies. It's doable.

discuss

No comments yet.