Presenter:
This talk argues that security programs keep failing because organizations don’t understand their own environments well enough to defend them. The gap isn’t tooling—it’s basic situational awareness of assets, dependencies, and behavior.
Key takeaways
- You can’t defend what you don’t understand
- Incomplete or outdated asset inventories
- Unknown connections between systems
- Hidden dependencies across IT and OT
- This creates blind spots attackers exploit
- Asset visibility is still immature
- Teams don’t have a clear picture of what’s on the network
- Especially true in OT environments with legacy and shadow systems
- “Unknown unknowns” drive risk
- Dependencies matter more than individual assets
- Systems don’t operate in isolation
- Risk comes from how components interact
- Breaking one link can cascade across operations
- Documentation doesn’t match reality
- Diagrams and inventories drift over time
- Workarounds and quick fixes aren’t captured
- The environment evolves faster than it’s tracked
- Operational context is missing
- Teams know what assets exist (sometimes)
- But not how they’re used in real processes
- Without that, prioritization and response fall apart
