ArchiveOODA OriginalSecurity and Resiliency

Mitigating Cyber Risks: Four real world practitioners exchange views at OODAcon

The opportunities presented to us by the widespread, interconnected digital technology of cyberspace come with costs, including the enablement of crime and espionage.

Today every sector of the economy and every government and every citizen is under almost constant cyber attack. Most are suffering ongoing infections with malware. Attackers get in fast and remain undetected for months.

Defenders have learned a great deal about the modern cyber threat, including the types of organizations that cause the most damage, how they are resourced, how they operate, and what their motivations are. And we have learned best practices and ways to raise defenses that make it much much harder for adversaries to win. Risk can be mitigated. But we have also learned that attackers will be persistent and will surprise us now matter how strong our defenses are.

This panel at OODAcon brought together pioneering experts with ideas we believe hold the potential to cause order of magnitude improvements in cybersecurity posture. We the ensuing discussion resulted in actionable insights you can put in place in your organization immediately to kickstart your journey in mitigating cyber risk.

The panel included discussion on:

  • Insights from behavioral science and human nature relevant to organizational leadership, career development and training for mitigating risks
  • Why modern red teaming provides the only useful security metric today
  • Ways to make cyber threat intelligence actionable
  • How to automate actions in the network


  • Matt Devost, CEO, OODA LLC


  • Masha Sedova, Co-Founder, Elevate Security
  • Steven Rogers, CEO, Centripetal Networks
  • Bryson Bort, CEO, Scythe

Additional Member Resources: 

Deception Needs to be an Essential Element of Your Cyber Defense Strategy: In the cyber defense community, we talk about a wide-range of risk mitigating technologies, strategies, and activities.  We talk about attacker deterrence and increasing costs for the attacker.  We invest in endpoint agents, threat intelligence, DLM, and other mitigating technologies on a daily basis. Here’s why one of the most compelling emerging use cases for increasing attacker costs is through the use of deception.

Traveling Executive’s Guide to Cybersecurity: Traveling executives are frequent targets for cyber espionage. This report provides guidance for executives and their security teams on how to protect their information and technology while on the go. Produced by OODA co-founders Matt Devost and Bob Gourley, the report provides best practices, awareness of threats, and a deep understanding of the state of technology. A tiered threat model is provided enabling a better tailoring of actions to meet the threat.

Best Practices for Agile Cybersecurity: Members of the OODA expert network continuously track best practices for policy, procedures, technology and governance related to cyber defense.  We work directly defending enterprises in cyber defense and maintain an always up to date list of actions in a form designed to help any organization stay as agile as possible in the face of dynamic adversaries.

Cybersecurity Sensemaking Page: The collection on this page includes content from produced exclusively for OODA members. Our research team is led by OODA founders Bob Gourley and Matt Devost and they leverage their extensive past performance in operational cybersecurity in the reports presented here. We also provide pointers to the most recent cybersecurity reporting from our Daily Pulse Report, as well as a list of other resources we see as credible on the topic of cybersecurity.

Bob Gourley

Bob Gourley

Bob Gourley is the co-founder and Chief Technology Officer (CTO) of OODA LLC, the technology research and advisory firm with a focus on artificial intelligence and cybersecurity which publishes Bob is the co-host of the popular podcast The OODAcast. Bob has been an advisor to dozens of successful high tech startups and has conducted enterprise cybersecurity assessments for businesses in multiple sectors of the economy. He was a career Naval Intelligence Officer and is the former CTO of the Defense Intelligence Agency.