Summary: The future of InfoSec and business management relies on a combination of policy, state, standard operating procedures (SOPs), and action. Human involvement will mostly focus on creating ideas and strategies, while AI and automation handle execution and implementation. This shift means that many tasks can be automated, making security an integral part of the process rather than a separate effort.
InfoSec—and in fact business management in general—is evolving into the combination of four things:
Policy (entity identity/goals)
State (assets, configuration)
SOPs (approved execution pipelines)
Action (Humans/Automation that merge State/Policy) (View Highlight)
Everything is a pipeline. Including the building and validation of software.
The human part is the desire to build, and the ideas for what to build. (View Highlight)
Much of security comes down to things being built or implemented the wrong way, and there being nowhere near enough people or time to clean up afterwards. (View Highlight)