In the high-stakes world of security asset management, visibility is everything. Yet many organizations are still making critical decisions without a complete view of their environment, leaving blind spots that attackers are all too ready to exploit.

The challenge isn’t just about tools or talent; it’s about knowing exactly what assets you have, where they are and how they’re secured. Without that baseline, security teams can find themselves reacting to threats rather than anticipating them, often under intense pressure and with limited resources, according to Liz Morton (pictured), field chief information security officer of Axonius Inc.

Axonius’ Liz Morton talks with theCUBE about budget-conscious security strategies.

“We are freaking heroes because we’ve been trying to save the day without really knowing all the things that we needed to know,” Morton said  “Not to be dramatic, but we’ve been working in the dark as an industry for a long time, and it’s kind of stupid, especially when you can just buy some Axonius and solve your problems.”

Morton spoke with theCUBE’s Jackie McQuire at the Black Hat USA event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed budget-conscious security strategies, the evolving nature of industry conversations and the importance of fundamentals in building resilient programs.  (* Disclosure below.)

Rethinking security asset management in lean times

Security priorities are evolving as economic uncertainty and budget scrutiny ripple through the industry. Morton sees the shift firsthand at Black Hat USA, where practitioner-led discussions often drill into the realities of defending critical systems without the perceived “blank check” that security once seemed to command. Those conversations require a mix of technical depth and business acumen to structure deals that deliver value while advancing security asset management goals and fitting into constrained budgets, according to Morton.

“Very often, what I’m hearing from [chief information security officers] is that their teams love us and really want us and won’t leave them alone about buying us, but they can’t get the spend,” she said. “They can’t get the buy-in, they have to cut, they have to justify. I’m having some pretty sophisticated conversations about how to make that happen, how to structure a deal that works, how to get us in the door.”

Organizations can strengthen their security posture by focusing on fundamentals before chasing the latest high-profile tools, according to Morton. Building a clear understanding of their environment and risks — even when that process reveals uncomfortable truths — is essential for effective security asset management, along with a commitment to continuous improvement.

“Look, it’s no joke trying to run security for any organization, especially if you’re running critical infrastructure; the pressure can be immense,” she said. “It can be very daunting, I think, to really take a look at what you really have and then say, ‘Okay, today, day one, we’re going to start a program of continuous improvement. We’re going to do the basics. We’re not going to buy the fancy whizzbang tool that’s getting all the attention on the floor at Black Hat.’”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the Black Hat USA event:

(* Disclosure: Axonius Inc. sponsored this segment of theCUBE. Neither Axonius nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE