Presentation is loading. Please wait.

Presentation is loading. Please wait.

Leadership Lessons From The Dark Side

Published byVictoria Randall Modified over 6 years ago

Similar presentations

Presentation on theme: "Leadership Lessons From The Dark Side"— Presentation transcript:

1 Leadership Lessons From The Dark Side
Adam Shostack

2 Overview Why Can’t Vader and Tarkin crush the rebellion?
Concrete approaches to Leadership Cyber Portfolio Management Call to Action Which one are you?

3 Why Can’t Vader and Tarkin Execute?
Darth Vader: Former Jedi, turned to the dark side “Search your feelings,” “You know it to be true” and “Ancient religions” Grand Moff Tarkin Focused on running a galactic empire for a crazy despot Culture and language Whatever the heck a “Grand Moff” is?

4 This guy is a bad leader!

5 Leadership Effective The Empire Vision Focus Execution Communication

6 How Security Communicates

7 Don’t be like director Krennic, begging for an audience with the boss!

8

9 Gartner’s “Top Ten Security Tech for 2016”
Can you bring these to your board? Cloud Access Security Brokers Endpoint Detection & Response Nonsignature endpoint detection User Behavior Analytics Microsegmentation & flow visibility Sec testing for devops Intel-driven sec ops Remote browser Deception

10 We need to stop presenting like this
The question: why are you telling me this?

11 Leadership: Vision & Communication
Effective Vision Challenging Muddle Concrete Compact Communicative/Clear Contextual No grounding Compliance (with what?) Risk (abstract) No request Collaboration is key to moving large organizations Draw on threat model diagrams

12 Cyber Portfolio Management

13 Analogy: A Financial Portfolio
Account Value Checking $2,500 401K $50,000 Mortgage ($500,000) Student loans ($94,000)

14 Analogy: Financial Portfolio Analysis
Activities: Analysis Inventory Analyze (mathematical) Assess (judgment) Some broadly applicable tools Debt:Asset, savings rate Churn, free cash flow Some very specific Anyone can invent new tools

15 Cyber Portfolio Management: Steps
Inventory (step 1) Analyze (step 2) Assess (step 3) Keeping our eyes on assessment & decisions

16 Cyber Portfolio: Assessment
Key questions Answers are: Right strategy & governance? Managing the right threats? Explain what and why? Concrete Compact Communicative/Clear Contextual Draw on threat model diagrams

17 Cyber Portfolio: Governance example
Governance isn’t about Archer It is about the right resources and leadership “A neck to choke” Leadership, budget, staffing is rarely a “one slide view” (0/10 Fortune 500s interviewed under NDA)

18 Cyber Portfolio: Analysis (Step 2)
Department Security Leader Security Budget Sec Staff Mortgage banking Alice, VP $5.2m/12% 35/100 (35%) Retail banking Bob, Director 3.4m/17% 29/400 (7%) Marketing None $1m/2% 1/35 (3%) Death Star Grand Moff Tarkin Small moon “Security is everyone’s responsibility” Numbers shown as security/total department

19 Cyber Portfolio: Inventory (Step 1)
Where does your money go? Easy to ask, hard to answer Focus on spending, not “assets” — how is money allocated? Look across multiple views Capex & OpEx Salaries Projects & Programs Report-outs Good enough is good enough

20 Analyze (Step 2): Yu’s Cyber Defense Matrix

21 Cyber Portfolio: Present - Investments

22 Applying Cyber Portfolio Management
Improve Security Manage Resources Manage Relationships Applying Cyber Portfolio Management

23 Improve Security Gap analysis Improve coverage Orchestration /
& platform opportunities

24 Manage Resources Identify duplication Low hanging fruit
Vendor management Incident recovery Duplication: as a result of M&A, misunderstandings, etc Low hanging fruit: products change Vendor management: are you in our priority space?

25 Manage Relationships Set & communicate about priorities
Rhythm of business Exec briefings & education

26 Offer for attendees Book on the subject is in the works
Free for today’s attendees! Just promise me feedback! How: Give me a card (or) adam.shostack.org/newthing.html Sign up for “Adam’s new thing” mail list – less than 12 s/year, guaranteed

27 Apply What You Have Learned Today
Next week you should: Get the free book! Inventory your security investments In the next three months you should: Analyze your investments Brief your peers and get their feedback Within six months you should: Brief leadership Set a new standard Benchmark with peers

Download ppt "Leadership Lessons From The Dark Side"

Similar presentations

CTS Strategic Roadmap Walkthrough, v1.2 Dan Mercer.

CTS Strategic Roadmap Walkthrough, v1.2 Dan Mercer.
Product Officer Functional Lecture

Product Officer Functional Lecture
Tech Made Simple: Boosting Your Business Using Technology.

Tech Made Simple: Boosting Your Business Using Technology.
& C ORPORATE A UDIT & S ECURITY. Who We Are A Snapshot of BANK ONE & CORPORATE AUDIT & SECURITY.

& C ORPORATE A UDIT & S ECURITY. Who We Are A Snapshot of BANK ONE & CORPORATE AUDIT & SECURITY.
Forward: Analytics Red Queen Moving Eden Dahlstrom, Director of Research Maturing the November 5, 2015 Practices.

Forward: Analytics Red Queen Moving Eden Dahlstrom, Director of Research Maturing the November 5, 2015 Practices.
Information Technology Assessment Findings Presented to the colleges of the State Center Community College District.

Information Technology Assessment Findings Presented to the colleges of the State Center Community College District.
Ideas 2008 The Next Step. What are we after? Consumable and Understandable by broader department.

Ideas 2008 The Next Step. What are we after? Consumable and Understandable by broader department.
Practical IT Research that Drives Measurable Results Establish an Effective IT Steering Committee.

Practical IT Research that Drives Measurable Results Establish an Effective IT Steering Committee.
Sharing Data: Issues and Opportunities Transportation Research Board Annual Meeting January 22, 2006 Leni Oman Director of Transportation Research Washington.

Sharing Data: Issues and Opportunities Transportation Research Board Annual Meeting January 22, 2006 Leni Oman Director of Transportation Research Washington.
Www.caplus.org.uk Planning & budgeting 25 th November, 2009 Eva Stevens Community Accounting Plus.

Planning & budgeting 25 th November, 2009 Eva Stevens Community Accounting Plus.
MUST Apply found knowledge to identify advantages and disadvantages of various sources of finance (C/B). SHOULD Reach conclusions by justifying choices.

MUST Apply found knowledge to identify advantages and disadvantages of various sources of finance (C/B). SHOULD Reach conclusions by justifying choices.
1 BDO-I2I India-Israel Business Consulting Company Profile 1.

1 BDO-I2I India-Israel Business Consulting Company Profile 1.
State-of-the-States: CIO Priorities, Trends and Opportunities

State-of-the-States: CIO Priorities, Trends and Opportunities
Today’s managers & leaders are challenged unlike any of the past generations in their roles.

Today’s managers & leaders are challenged unlike any of the past generations in their roles.
Customer Experience: Create a digitally led customer experience

Customer Experience: Create a digitally led customer experience
Cautious Consumers 2015 Educurious Partners--All rights reserved UNIT 3 LESSON 9.

Cautious Consumers 2015 Educurious Partners--All rights reserved UNIT 3 LESSON 9.
THE FINANCE DEPARTMENT

THE FINANCE DEPARTMENT
Strategic Planning – How it All Comes Together

Strategic Planning – How it All Comes Together
“Let’s Do This…. No, Let’s Do That”

“Let’s Do This…. No, Let’s Do That”
Six Steps to Secure Access for Privileged Insiders and Vendors

Six Steps to Secure Access for Privileged Insiders and Vendors

Similar presentations

Ads by Google