So you've consumed the books. You've devoured the guides. You've ravaged the newsgroups. You've even slogged your way through conferences and, um, pre-conferences. Yet: are you really secure? Are you doing the right things -- that is, if you're confident you even know what those right things are? Do some of the suggestions strike you more as old habits than effective mitigations? Does some of it just seem like effort for the sake of effort -- "security theater," perhaps? If these thoughts rumble in the basement of your brain, then have we got clarity for you. Thing is, a lot of security guidance starts at the end: it assumes what a "secure" environment looks like and tells you how to get there. But where's the analysis of actual threats? Where's the customization for your particular business requirements? Guidance that assumes security is the same for everyone puts you at a competitive disadvantage: you're only as secure as the next guy. Which is probably not all that secure to begin with! How much security do you need? Just enough. The hard part, of course, is figuring out what "just enough" is. In this full-day session, Jesper Johansson and Steve Riley will help you understand how to determine, for yourself, what "just enough" is. You'll learn what you can safely avoid: indeed, a lot of "best practice guidance" is nothing more than repetition of myths, and it's time for such propagation to stop. Come on, let's get better than best.