Many organizations have security programs but they don't have security strategy. Set strategy for your security program that's aligned to and enables your business, don't just check boxes. In this presentation we'll explore different business drivers for a security program, how to set the right scope, and ways to build a security organization that enables the overall organizational as a partner and not a blocker. Presentation given to Infosec Summit in Columbus, Ohio