That was close! Learning from our near-misses presented at BSidesVancouver 2018

by Adam Shostack,

Summary : There's an old joke: "Half my advertising budget is wasted! I wish I knew which half!" Working on defense, it sometimes feels like the advertising folks are lucky. In security, it's hard to explain why some controls are more important than others. That's because we lack evidence for the effectiveness of those controls. This talk presents a concrete road forward after of several years of looking into 'how can we learn more, faster?' so we can get better at defense?