Session

5 Lies Enterprise Security Still Tells Itself

Nearly 10 years ago, Johnny quit full-time penetration testing out of sheer boredom. The repetitive nature of finding the same systemic problems at company after company made the gigs not only a cure for insomnia, but also exceptionally frustrating to someone who cares deeply about security.Now he’s back, and wow, is he pissed about what he found. Join him as he rants about the biggest (and most actionable) things Large Enterprises are still doing wrong from a cybersecurity perspective, and presents basic frameworks for fixing them!

Your security program is built on a foundation of convenient lies. Your risk register holds 2014 acceptances. Your asset inventory doesn't exist. Your identity perimeter is a joke. Your vendor controls are theater. And that expensive shelfware? It's never actually alerted on anything you'd care about.
This is not a technical deep-dive. This is a no-bullshit inventory of enterprise security theater — the persistent, systemic failures that breach-tested Fortune 500s keep repeating, slide after slide, hack after hack.

In this talk, Johnny Xmas (Global Head of Offensive Security) walks through:

Why your risk register is a graveyard of zombie acceptances with no expiration date
Why you don't actually have an asset inventory (you have a spreadsheet graveyard)
Why your identity perimeter is blurry by design — and how that becomes Midnight Blizzard's entry point
Why vendor risk is theater backed by questionnaires from salespeople
Why you bought expensive controls that don't detect anything because you skipped the 80% of the work that matters

And the kicker: actionable takeaways you can do RIGHT NOW.

This talk is for security leaders, architects, and anyone who's tired of the annual "we need better security" deck that solves nothing. Expect irreverence, real examples, and a hard look at why the same breaches keep happening.

Johnny Xmas

"I don't seek to be well-known, I seek to be worth knowing"

Chicago, Illinois, United States

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top