Know Thyself: Optimizing Team Decision-Making

Posted on 13-Apr-2017

Transcript of Know Thyself: Optimizing Team Decision-Making

KNOW THYSELF: OPTIMIZING TEAM DECISION-MAKING

Hi, I’m Kelly

What will I cover?

Cognitive bias?

Prospect theory

Offense vs. Defense

Prospect theory in InfoSec

Other biases in infosec

What are the outcomes?

An outcome

Incentive problems

Cognitive biases in groups

Bosses & risk

Example security org split

The setting

How are CISOs evaluated?

Success & failure for blue team members

Being a cost center adds to the issues

A sample meeting

Current decision making process

Strategies (now entering the realm of decision trees)

Belief prompting & hard metrics

Example belief prompting

A relevant thought leader quote

Examples of belief prompting

Example progression: Exfiltration

Example AD tree (for illustrative purposes)

Feedback loop

Decision prioritization

As a leader of a group

As a boss

Ideal decision-making process (hopefully as cool as this pic)

Bias-resilient process

Enlightened Conclusion

Final thoughts

Further reading

Questions?