April 23, 2023, 9:34 a.m. | /u/No-Conference-3212

For [Blue|Purple] Teams in Cyber Defence www.reddit.com

Hey blue teamers. Need your input.


**(Context TLDR)**
We're acting as a third-party extension to a team of five InfoSec folks that need help aligning their current security posture with the CISO's Q3-Q4 milestones.

**Org Context:**
- 1,500 FTEs
- hybrid work
- Devs and cloud ops work 90% remote in AWS/Azure
- 80% Windows, 20% MacOS/Linux workstations
- Others work hybrid, leverage infrastructure VPN, app gateways, common infra security


**A key milestone initiative:**
- transition from reactive detection and …
