Defense in Depth

Cybersecurity Has a Prioritization Problem

Aug 7, 2025
Terry O'Daniel, former CISO at Amplitude, shares insights on the crucial topic of cybersecurity prioritization. He emphasizes the need to align security strategies with actual business risks, advocating for better stakeholder engagement. O'Daniel discusses the difference between metrics and actionable measurements, stressing the importance of a proactive approach in security culture. He also highlights the need for effective communication and context in identifying critical assets, while encouraging the development of mature roles within security leadership.
INSIGHT

Chasing Wrong Risks Without Context

  • Security teams often fail not for lack of effort, but because they chase the wrong risks and alerts for lack of context.
  • Effective security requires aligning risk with business reality and clear communication of priorities.
ADVICE

Engage Stakeholders for Prioritization

  • Prioritize security work by engaging stakeholders to understand business risks and needs.
  • Collaborate with tool providers to tailor security alerts and reporting to your organization's context.
INSIGHT

Focus on What Could Break Us

  • Identifying "what could break us" is key to understanding material risks at an enterprise scale.
  • Existing tools gather signals well but need better analysis to reveal real threats.