I will be speaking at TROOPERS this March; my talk is titled: "The foundation is rotting and the basement is flooding: A deeper look at the implicit trust relationships in your organization".
The talk will begin with a new hardware-level attack on PCIe as an example for the implicit trust organizations place in 3rd parties. These implicit trust relationships that are typically overlooked will be closely examined under the lens of "InfoSec debt" and providing guidance to InfoSec decision makers on the ROI or risks of adding additional IT services/appliances to an organization's network. The "InfoSec debt" metric can then be tracked over time and provides an intuitive way to explain the cost/benefits of IT security to other organizational stakeholders.
As always, if you will be attending, or in the neighborhood while I am there, feel free to reach out via my Twitter and hopefully we can meet up!
Cyber-security Philosopher and Boffin