Magnificent 7/7: Metrics and Scorecards
It’s been a fun CSO tools series, so let’s close it with a bang. Number 7 is the ever-intimidating operations scorecard. I’m also happy to share this post coincides with the release of the Third Defense...
Can metrics save money on PCI compliance?
I continue to be impressed by the VZ team. Their latest PCI Compliance Report continues their contribution of data sharing with the industry. Here are a couple cherry-picked passages from the exec sum:...
Money$ec Evolved Slides
My first BSides will not be my last. A huge thank you to all the sponsors and volunteers. The BSidesSF folks will publish links to the recording and slides but I’ve had a few requests that couldn’t...
Make a Difference Webinar with Caliber
Apologies for not linking to my webinar with Tab from Caliber Security. It’s a fun-filled 45 minutes with me jawing on about prioritizing and measuring risk. Who doesn’t want more of that… Event...
Source Boston: My Communicate Risk Slides And More
I had a great time at Source Boston. Many good times, talks, and connections. Source Boston had the best combination of technical and business-oriented talks I’ve ever experienced at a conference....
Your Security Executive Dashboard
Sometimes for fun, I like to concatenate as many buzzwords as possible. How about: our cloud GRC dashboard provides risk intelligence leveraging big data visualization. I bet someone has a copyright on...
Vulnerability Management From Scratch
When it comes to classic processes like identifying, prioritizing, and tracking scanner-based vulnerabilities, I like to dive right into the deeper waters of performance targets and service levels. Who...
Winning the IT Security Compliance Game
I’m sure you all follow the New School blog and have read Compliance Lessons from Lance. My take on the post is to find a way to position compliance from a necessary evil to a necessary evil to achieve...
What matters to you?
Lots has been written about why measuring current control performance contributes to the answer of “How much security do we need?” If you measure what matters, does tactical control performance matter? Maybe...
Measuring Security Performance: Governance or Whistleblower?
I love helping security teams measure control performance (metrics) and improve risk analysis and management programs. Providing visibility into current performance and putting the data in context of...