Session Abstract: The major problem with cybersecurity programs is that CISOs get the budgets they deserve, not the budgets that they need and they need to deserve more. The design and budget of cybersecurity programs is traditionally driven by the current program and budget. Any enhancements are based on this set. This is not an application of business discipline. This session highlights the economics of cybersecurity and provide a framework for determining accurate costs of vulnerabilities, which allows CISOs to cost justify countermeasures. Applying machine learning allows for an accurate optimization of the budget to cost justify the program they need.Summary: For CISOs to optimize their budgets, they need to understand their attack surfaces and paths, and the value of the assets they protect, Combining machine learning, this session will provide a methodology to cost justify an optimized cybersecurity program.Additional Information: It is hard to describe the session in 100 words, but it will be a well structured session defining risk quantification, risk optimization, and making business cases for cybersecurity programs. I hate to use machine learning as a teaser as it is all to frequently used as a gimmick, but it is an application of newer mathematical principles that were previously unavailable. This itself is a subject that CISOs need to understand and that I will cover.