Down The Security Rabbithole

In this episode... The blog post that started it all - http://blog.norsecorp.com/2014/11/10/the-new-reality-in-security-offense-always-wins-and-defense-always-loses/ Vince, tells us what he means by "Offense always wins, defense always loses" We disagree over this snip from his blog post: "To “win” in cyber security, defense must be right 100% of the time, while offense only has to be right once. We must wake up to the reality that defense is an impossible task; no matter what actions we take, we will lose." We discuss how we get away from being Eeyore defeatists? Vince give us security strategies he is advocating knowing that defense is better equipped, and better funded We briefly mention high-value assets, and why it's even more critical today than it has ever been before, and why we still stink at it We challenge Vince to give us some tangible steps to managing risk better, to get away from winning/losing? We discuss how we compress delivery time lines for security competencies? (Average time to deliver