Traditionally, security is all about creating obstacles and making it difficult to access data. All too often it means obstacles and difficulties not just for the attackers, but for our own team members. This leads to wasted time, frustration, or clever workarounds that expose parts of our system we meant to protect. But modern security doesn’t have to be this way.

I’m going to share a simple framework that will help you replace some of the annoying security practices with ones that don’t get in your way, talk about how to avoid wasting time implementing practices that make no sense, explain what your CISO wants, and when to push back.