Clik here to view.
Magnificent 7/7: Metrics and Scorecards
It’s been a fun CSO tools series so let’s close it with a bang. Number 7 is the ever intimidating operations scorecard. I’m also happy to share this post coincides with the release of the Third Defense...
View ArticleClik here to view.
Can metrics save money on PCI compliance?
I continue to be impressed by the VZ team. Their latest PCI Compliance Report continues their contribution of data sharing with the industry. Here are a couple cherry picked passages from the exec sum:...
View ArticleClik here to view.
Money$ec Evolved Slides
My first BSides will not be my last. A huge thank you to all the sponsors and volunteers. The BSidesSF folks will publish links to the recording and slides but I’ve had a few requests that couldn’t...
View ArticleClik here to view.
Make a Difference Webinar with Caliber
Apologies for not linking to my webinar with Tab from Caliber Security. It’s a fun filled 45 minutes with me jawing on about prioritizing and measuring risk. Who doesn’t want more of that… Event...
View ArticleClik here to view.
Source Boston: My Communicate Risk Slides And More
I had a great time at Source Boston. Many good times, talks, and connections. Source Boston had the best combination of technical and business oriented talks I’ve ever experienced at a conference....
View ArticleClik here to view.
Your Security Executive Dashboard
Sometimes for fun, I like to concatenate as many buzzwords as possible. How about: our cloud GRC dashboard provides risk intelligence leveraging big data visualization. I bet someone has a copyright on...
View ArticleClik here to view.
Vulnerability Management From Scratch
When it comes to classic processes like identifying, prioritizing, and tracking scanner-based vulnerabilities, I like to dive right into the deeper waters of performance targets and service levels. Who...
View ArticleClik here to view.
Winning the IT Security Compliance Game
I’m sure you all follow the New School blog and have read Compliance Lessons from Lance. My take on the post is to find a way to position compliance from a necessary evil to a necessary evil to achieve...
View ArticleClik here to view.
What matters to you?
Lots has been written why measuring current control performance contributes to the answer of “How much security do we need?” If you measure what matters, does tactical control performance matter? Maybe...
View ArticleClik here to view.
Measuring Security Performance: Governance or Whistleblower?
I love helping security teams measure control performance (metrics) and improve risk analysis and management programs. Providing visibility into current performance and putting the data in context of...
View Article