Defense in Depth What is the Visibility That Security Teams Need?
Oct 9, 2025
James Bruce, Business Security Services Director at WPP, shares his expertise in security across diverse environments. He highlights the transformation of visibility into actionable intelligence, emphasizing its importance beyond just dashboards. Bruce discusses the critical need for risk-based prioritization, advocating for focusing on essential assets instead of chasing every vulnerability. The conversation navigates the complexities of identity management and the pitfalls of relying solely on dashboard metrics, exposing gaps that can jeopardize security.
AI Snips
Chapters
Transcript
Episode notes
Define What Visibility Means
- "Visibility" is an overloaded term and often lacks a shared definition between vendors and buyers.
- Clarify what specific visibility you need before evaluating solutions to avoid misalignment.
Visibility Without Action Creates Risk
- Some CISOs prefer less raw visibility and more automatic action to avoid legal/operational exposure.
- Visibility that raises problems without enabling response can create liability and reluctance to 'ring the bell'.
Discovery Reveals Hidden Risks
- James Bruce recounts discovering unknown privileged accounts and lateral movement as core visibility gaps.
- He cites M&S ransomware triggered by a social-engineered service desk password as a real example of unknown risks.