SAINTCON 2024 - Day 1 - Livestream

Watch SAINTCON 2024's opening keynote on aligning cybersecurity with business goals, building effective security programs, and fostering career growth in the industry.

Key takeaways
  • Cybersecurity programs need to focus on aligning security with business goals and objectives rather than just technical controls and MITRE ATT&CK techniques

  • Communication skills and being “bilingual” between technical and business language is critical for security professionals to be effective and get investment/support

  • The threat landscape has evolved but core attacker tactics remain consistent - organizations should focus on defending against known attack patterns rather than chasing every new vulnerability

  • Security metrics and strategies should be tied to measurable risk reduction and business impact rather than just technical coverage metrics

  • Ransomware and large-scale attacks have forced organizations to finally prioritize security, but many still lack fundamental controls and visibility

  • Making cybersecurity your hobby and constant learning/experimentation is key to growth and success in the field

  • Building relationships, mentoring others, and contributing to the security community helps advance both individual careers and the industry

  • Security programs need long-term strategies aligned with business objectives, not just reactive tactical responses to threats

  • Career growth comes from trying new things and being willing to fail while learning from mistakes

  • The security industry was built on creativity and innovation - security professionals should maintain that spirit while maturing programs