The toughest part of being an information security leader is not fighting the latest malware but rather justifying for security spend. It’s not easy especially in cases where upper management holds an “I ain’t afraid of no ghosts” attitude, wears garlic cloves and knows “who they gonna call”. The result: Companies that do not spend enough and start to build up cybersecurity debt. And when a serious breach happens, they find themselves in a situation where they are given 30 days to pay down that massive debt, including interest. In this session, we will discuss how companies should start repaying their cybersecurity debt and if it is possible to be debt free.