Governance & Risk Management

Finding Those Security Gaps

NSS Labs' Brian Soldato on Sizing Up Effectiveness of Security Strategy
Brian Soldato, NSS Labs

Many organizations are uncertain about the overall effectiveness of their security strategy because they are still in the dark about aspects of their risk posture, says Brian Soldato of NSS Labs. Conducting a few pen tests a year is not enough, he stresses.

See Also: Live Webinar | Navigating the Difficulties of Patching OT

"A lot of organizations don't understand their entire risk in relation to the threats that are out there today," Soldato says. "They don't understand the things that are in their environment and where the security gaps lie."

As a result, many enterprises are playing a guessing game, according to Soldato, without a clear view into their controls and how they are working.

In an interview at Information Security Media Group's recent Fraud and Breach Summit in New York City, he also discusses:

  • The value of ongoing validation of security products and controls in an environment;
  • Why an occasional pen test is insufficient;
  • Suggestions for quantifying risks for key stakeholders.

Soldato is senior director of product management at NSS Labs. Previously, he led product management teams for various SIEM and behavioral analytics solutions, including Intel Security's SIEM product line.

About the Author

Joan Goodchild

Joan Goodchild

Director of Multimedia Content, ISMG

Joan Goodchild is veteran writer and editor who has been covering security for more than a decade. Before joining ISMG, she was the editor-in-chief of CSO, where she led the team to several national awards, including an AZBEE (ASPBE) for website of the year and several Digital Eddie (Folio) awards for B2B website of the year. Her previous experience in business journalism includes roles as a broadcast and web editor with the Boston Business Journal and as a news writer covering the Windows OS with TechTarget. Prior to that, she worked as a television reporter and anchor for more than a decade. She has a master's degree in journalism from Northwestern University's Medill School of Journalism and is the recipient of an Edward R. Murrow award for investigative reporting.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.