Rafal Los, Chief Security Evangelist, HP
An unfortunate number of enterprises build their foundations on a false sense of security. They’ve implemented technical defensive measures, written policies, and established procedures for response, and they feel ‘secure’. The problem is that until they’ve actively tested these in real-world scenarios, much like disaster recovery drills, they have no idea how well prepared they really are for when the worst strikes. As Information Security leaders often find themselves playing whack-a-mole with compliance, business requirements and resource challenges, it can be easy to fall into a sense that everything is under control because on paper the security posture looks good. But how certain are you? Validating human and technical controls, policy elements and response procedures is vital to the prepared enterprise.
This talk will expose the audience to the issues of having unproven security and untested defenses in today’s threat landscape… and encourage CISOs to “break more” to provide their leadership with a better level of assurance of preparedness than they have today.