Security Sucks

Presented at SOURCE Boston 2010 by

Security sucks. Ask the CISOs and security managers within government agencies and banks that have known about advanced threats such as Operation Aurora for a long time, but have been forced to fund flawed behaviors, antiquated technologies, and narrow scope security projects focused on compliance versus operational efficacy. Ask the financial services and retail enterprises that have spent so much on PCI only to find that they were blindsided by the latest sophisticated attacks in spite of their compliance check mark. Compliance drives I/T security spending and perceptions of successful and complete security programs in many important organizations. Yet, the result often is a sub-optimized security posture rewarding the wrong behaviors and placing emphasis on low impact objectives.

Security sucks, but it doesn't have to. Assuming that a) you are not happy with the current situation, and b) you believe that security compromises are inevitable but want to protect your organization, this session is for you.

This interactive session will discuss:

1. Why security sucks: the compliance and platform-related death spiral of current security programs.
2. The importance of Operation Aurora and the Google China hack to advanced threat awareness at the "C" level, greater honesty about living in compromise to advanced persistent threats, and a movement away from compliance-driven security programs.
3. How to ensure that your CEO gets InfoSec news from the security organization, versus from the FBI or NSA regarding sophisticated attacks and compromises within your organization.
4. The minimum components of a sophisticated operational defensive security program in 2010.
5. How to make security suck a whole lot less and make your security team more successful.