When a security program isn’t as good as it should be, it can be tempting to conclude more resources and solutions are necessary. GrafTech’s Jack Nichelson decided to take a different approach: simplifi cation. By focusing on fewer problems with bigger returns, he was able to reduce malware by 60 percent and improve the results of his annual pen report. He shares a back-to-the-basics case study for removing complexity and running a simple, effective, startup-worthy security program.