SAINTCON 2024 - Day 1 - Livestream

Cybersecurity programs need to focus on aligning security with business goals and objectives rather than just technical controls and MITRE ATT&CK techniques

Communication skills and being “bilingual” between technical and business language is critical for security professionals to be effective and get investment/support

The threat landscape has evolved but core attacker tactics remain consistent - organizations should focus on defending against known attack patterns rather than chasing every new vulnerability

Security metrics and strategies should be tied to measurable risk reduction and business impact rather than just technical coverage metrics

Ransomware and large-scale attacks have forced organizations to finally prioritize security, but many still lack fundamental controls and visibility

Making cybersecurity your hobby and constant learning/experimentation is key to growth and success in the field

Building relationships, mentoring others, and contributing to the security community helps advance both individual careers and the industry

Security programs need long-term strategies aligned with business objectives, not just reactive tactical responses to threats

Career growth comes from trying new things and being willing to fail while learning from mistakes

The security industry was built on creativity and innovation - security professionals should maintain that spirit while maturing programs