Stan Black, CSO, Citrix: Before building lakes, clouds, and clusters of security data, focus on your company’s purpose, such as identifying fraud, insiders, malicious actors, errors, misconduct and so on. Once you have prioritized a desired set of outcomes, then focus on what you don’t need to analyze. Technology does not commit cyber crime, people do. With this in mind, analytics often starts with role mining, empirically quantifying what users can, could, or should never do establishes a user baseline. By defining “known good,” secure analytics refocus on the unknown and anomalies to uncover potential threats.