Cybersecurity is about determining what capabilities you have comparing to what is needed, choosing how much of the gap to close, and then accepting or transferring the residual risk. Simple. Yet apparently unattainable. Why? In this session, we will explore the challenge from an executive leadership perspective then break-out the applied fundamentals of decomposition and recomposition of a best-fit stack, how to determine if it is operating effectively, and how to preserve effectiveness based on changes in posture and the dynamic threat landscape.