AtlSecCon 2022 has ended
Back To Schedule
Friday, April 8 • 13:00 - 13:45
How Much Should Security Really Cost?

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

How much should it cost? Did I spend too much? What is the ROI? What are others spending? What do I do?!?!

These are some of the questions that every IT or security business leader finds themselves asking at some point. Some are told what amount of money has been allocated. Others are simply told to put forth a business case and money will be "found". This simply tells you what you can spend...not what you should spend. Industry experts try to tell us what percentage of the overall IT budget should be spent on security but requesting a flat 10% of a $5m IT may or may not be enough to adequately protect your organization. Then again, maybe it's more than you need. How would you know?

This talk will arm you with one CISO's methods for determining the amount of money that needs to be spent on security for any size of organization and will also present real-world data and tools to justify to the business just how much should be spent for securing YOUR organization to, taking into account real-world constraints such as time, available expertise, business continuity, and <gasp> training.

avatar for Andrew Hay

Andrew Hay

CISO, Lares
Andrew Hay is a veteran cybersecurity executive, strategist, industry analyst, data scientist, threat and vulnerability researcher, and international public speaker with close to 25 years of cybersecurity experience across multiple domains. He prides himself on his ability to execute... Read More →

Friday April 8, 2022 13:00 - 13:45 ADT
Track 1 - Ballroom