We base security on assumptions. We assume our tools, people and processes are working, vendor default configurations are right for us, if something was working before it’s still working now, and ongoing configuration changes are accurate. The sad truth is, we’ve been doing security wrong for so long that it feels right, but statistically, more is broken than working. We need to think differently about security and become a security hero. As a security hero you can ensure that the dollars spent, plus the effort expended, results in value and increased security effectiveness. See firsthand, through use cases and demonstrations, how you can empirically determine what’s working and what’s not across your security stack. See how to fix what’s broken, then validate that the fix worked. Understand how you can put an end to assumptions and environmental drift and communicate the state of security effectiveness to your stakeholders. Be the security hero your organization needs.