This document discusses approaches for cybersecurity portfolio management. It addresses questions around identifying necessary versus unnecessary security products, gaps and overlaps in an existing portfolio, and defining a security strategy. Various frameworks are presented for conducting a structured portfolio analysis, including the OWASP Cyber Defense Matrix, CyberARM, Gartner's Security Posture Assessment, and the US-CCU Cyber-Security Matrix. Effective use of an existing security portfolio involves identifying control overlaps, integrating products, automating workflows, replacing multiple products, optimizing configurations, and ensuring appropriate coverage of assets based on a threat model.