When confronted with expensive security solutions that solve “theoretical” problems we are often faced with this response from leaders, “We only sell ______, why do we need that level of protection?”
We need to help business leaders understand attackers don’t care what we sell; they care about what data they can take.
This talk will cover using relatively easy low impact Red Team exercises to create narratives that business leaders understand. These narratives can then be used to help drive conversations around specific controls within an organization.
We will cover:
- Getting approval and permission for Red Team exercises
- Examples of how to run exercises to drive specific security goals, projects, and initiatives.
- Creating an attack narrative that drives conversations about specific controls
- Relating the Red Team activities to real losses from real companies that were attacked in similar ways
- Presenting the results to business leaders in impactful formats
Attendees should leave the talk with new ideas to help create fast effective Red Team exercises and use the results to guide discussions about risk with leaders.
Click here to download the PDF of the slides: