There are two kinds of companies: those where leadership cares and… those where they don't. No amount of personal heroics, technical awesomesauce, or the world's greatest tool is going to change that and have the business suddenly get it. Your leadership is an elephant. Large. Moves only when it wants. Tramples things. And… the cleanup! So, how do we move the elephant when and where we want?

We'll talk how to get leadership buy-in for your risk management program, how to translate this for different kinds of offensive/threat assessments (vulnerability assessments, penetration testing, red teaming, and purple teaming), metrics (including real-world data) derived from a detection maturity model I created with business context (alignment) from my work with blue teams. Come with questions and curiosity, leave with actionable insights to build or mature your risk assessment program.