was asked a really interesting question in an interview yesterday: given a budget, which areas of security spending produce the greatest and worst (or negative) ROI?

my answer:

positive: SSO/OAuth, hardware keys

worst: DAST, DLP, honorable mention to poorly configured IDSs

what’s your answer?
