Behind the cut are the notes I took during DefCon 22, organized by name of presentation. Where appropriate I've linked to the precis of the talk. I make no guarantee that they make sense to anybody but me.
- Integrate with environment
- Continuous monitoring
- People and Process -> Secure Network Architecture -> Secure Systems Design -> Continuous Monitoring -> External Validation -> Compliance
- Compliance, per usual, means dick in the final analysis
- Roughly five year plan w/ deliverables
- Needs organizational supprt. Still answers to the Business.
- Supports, !replaces Business
- Security will not mature past …