Jess Dodson was a recent guest on the RunAsRadio podcast.
Here's the synopsis of the podcast:
How do you improve the security of your organization? Richard talks to Jess Dodson about the current security environment we're living in and what you can do to improve your security posture. Jess talks about how breaches happen and what you can do to detect them early before things get worse. The conversation dives into getting more resources - in most cases, improving security means having the time to work on preventative measures, like implementing multi-factor authentication, security information and event management, and setting up Just Enough Administration. And you need the time to review the activities in your network to let you stop a breach before it turns into something worse!
It's well worth your 40-odd minutes.
But Jess had a couple of points that I want to emphasize.
At 21:34 she says:
And then at 33:15 she says:
I think that is an excellent way to explain to management the objective.