Slides: Click Here
This is the presentation that I would have given myself 10 years ago.
Every day we get distracted from what we should be focused on by the latest breach notification, the latest glittery and sparkly product, vendor promises, or just the latest information security squirrel that runs by our desk.
Having a defendable network depends on a foundation of solid (sometimes boring) controls that are easy to implement, but hard to stick to.
This is how my team (blue) won our last red team engagement.