Cybersecurity That Actually Works
In a cybersecurity industry driven by constant innovation and new tools, it’s easy to lose sight of what actually works.
In this episode of Detonation Point presented by Elastio, Elliott Franklin, Chief Information Security Officer at Fortitude Re, shares a practical approach to building cybersecurity programs that are effective, sustainable, and aligned with the business.
Rather than chasing every new solution, Franklin focuses on discipline, fundamentals, and making security work inside real-world organizations.
Why Most Cybersecurity Programs Fall Short
One of the core themes of the conversation is that many organizations overcomplicate cybersecurity. Instead of starting with risk and fundamentals, teams often jump straight to buying tools.
Franklin explains that this approach leads to wasted spend and underutilized technology. In many cases, organizations invest in advanced solutions without the people or processes needed to manage them effectively. The result is a false sense of security; the tools are in place, but they aren’t properly configured or delivering value.
People, Process, Then Technology
A key takeaway from the episode is the importance of prioritizing people and process before technology.
Franklin emphasizes that not every problem requires a new tool. In fact, many security challenges can be addressed by improving visibility, access control, and operational discipline. When organizations skip these steps, even the best tools can fail.
This perspective challenges a common industry mindset and reinforces a more sustainable approach to building security programs.
A Risk-Based Approach to Security
Another major theme is the importance of risk prioritization. Many organizations attempt to secure everything equally, which is both inefficient and unrealistic.
Franklin advocates for identifying critical assets, understanding business impact, and focusing resources where they matter most. This approach allows security teams to make smarter decisions and avoid spreading themselves too thin.
Security Should Enable the Business
Perhaps the most compelling insight from the episode is Franklin’s philosophy on the role of security within an organization.
Rather than acting as a blocker, security should help the business move forward. In one example, Franklin describes loosening web restrictions after discovering that employees were spending hours trying to bypass controls. By rethinking the approach, the organization improved productivity while reducing risky behavior.
This mindset reflects a broader shift in cybersecurity leadership, one that balances protection with practicality.
Building Cybersecurity That Actually Works
At its core, this episode is about simplicity and discipline. Building cybersecurity that actually works doesn’t require chasing every new trend. It requires:
- A clear understanding of risk
- Strong fundamentals
- The right balance of people, process, and technology
- Alignment with business goals
For organizations looking to improve their security posture, Franklin’s approach offers a practical and proven path forward.
More from the Detonation Point Blog
Interested in building cybersecurity programs that actually work? Explore more conversations from the Detonation Point blog focused on practical security leadership, risk, and real-world decision making:
- Cybersecurity Trends: 2025 in Review and Predictions for 2026 with Jason Shafferman
- Why Security Awareness Training Is Failing and What Actually Works with Robert Siciliano
- Fixing Cybersecurity Training: From Punishment to Results with Craig Taylor
Listen to the Full Episode
If you’re responsible for building or leading a security program, this episode offers a grounded perspective on what it really takes to succeed.
🎧 Watch or listen to the full episode on YouTube, Apple Podcasts, and Spotify.
YouTube | Apple Podcasts | Spotify