AtlSecCon 2022

How much should it cost? Did I spend too much? What is the ROI? What are others spending? What do I do?!?!

These are some of the questions that every IT or security business leader finds themselves asking at some point. Some are told what amount of money has been allocated. Others are simply told to put forth a business case and money will be "found". This simply tells you what you can spend...not what you should spend. Industry experts try to tell us what percentage of the overall IT budget should be spent on security but requesting a flat 10% of a $5m IT may or may not be enough to adequately protect your organization. Then again, maybe it's more than you need. How would you know?

This talk will arm you with one CISO's methods for determining the amount of money that needs to be spent on security for any size of organization and will also present real-world data and tools to justify to the business just how much should be spent for securing YOUR organization to, taking into account real-world constraints such as time, available expertise, business continuity, and <gasp> training.