You invest a lot in security controls but still worry about getting hacked. Audits and industry standards make you compliant but not necessarily secure. This talk will outline effective techniques you can use to systematically determine if your existing end-user security controls are performing their jobs, and identify and prioritize gaps.