Implementing Meaningful Information Security Metrics | A Conversation w/ Allie Mellen & Jeff Pollard

Video Link: https://www.youtube.com/watch?v=Eo8-6lacAMk



Duration: 46:17


Guests:

Allie Mellen, Senior Analyst at Forrester [@forrester]

On LinkedIn | https://www.linkedin.com/in/hackerxbella/

On Twitter | https://twitter.com/hackerxbella

Jeff Pollard, VP & Principal Analyst at Forrester [@forrester]

On LinkedIn | https://www.linkedin.com/in/jpollard96/

On Twitter | https://twitter.com/jeff_pollard2

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________

This Episode’s Sponsors

Imperva | https://itspm.ag/imperva277117988

Pentera | https://itspm.ag/penteri67a

___________________________

Episode Notes

In this new episode of Redefining CyberSecurity, host Sean Martin, Allie Mellen, and Jeff Pollard engage in an in-depth conversation exploring the critical role and power of security metrics in InfoSec decision-making processes. Throughout the dialogue, listeners can gain an understanding of the importance of implementing relevant metrics, such as Mean Time To Detect (MTTD) and Mean Time To Respond (MTTR), for tracking growth within cybersecurity contexts. However, there’s much more to metrics than just these two figures.

Both Allie and Jeff emphasize that metrics should be perceived not merely as numerical values but as valuable guideposts aiding decision-making. This perspective, attributed to the Lean Startup philosophy by Eric Ries, encourages using metrics to guide future actions, understand current decisions, or evaluate past outcomes. They stress that metrics should have a genuine purpose and contribute meaningfully rather than just providing quantitative data.

Furthermore, the conversation underscores the relevance of metrics to the decision-making audience. Allie and Jeff agree that metrics should differentiate between what matters only to your team and what's necessary for strategic decisions in the broader organization. Metrics become truly impactful when they support decision-making and reach the right audience, whether it's senior leadership, the security program, or the tactical metric practitioners.

Storytelling's role is highlighted as vital in presenting these metrics to various stakeholders, making the data more meaningful, understandable, and actionable. The conversation extends the notion of metrics, applying concepts like readmission rates, commonly used in healthcare, to measure incident recurrence in cybersecurity.

The trio also spotlights the need for a synergistic relationship between the Security Operations Center (SOC) and Vulnerability Risk Management (VRM). Such a relationship fosters improved security posture through effective incident management and prevention, with Allie reasoning that translating data into something meaningful for other business units is crucial.

Touching upon individual metrics in the context of career progression, both Allie and Jeff emphasize the necessity for individuals to define their career-oriented metrics based on their personal goals and organizational expectations. This understanding can help leaders prove their program's success and influence others.

The conversation ultimately underscores the importance of the right data sources for calculating meaningful metrics. Without the correct data, generating truly impactful and actionable metrics becomes impossible. Jeff cites an example of a financial organization that used a unique metric to measure insider risk, emphasizing the complexities and challenges of deriving meaningful and actionable cybersecurity metrics.

There’s a lot to unpack in this conversation. Listen to the entire episode so you don’t miss a beat.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllQZ9kSG7X7grrP_PsH3q3T3

ITSPmagazine YouTube Channel:

📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

____________________________

Resources

The Lean Startup: https://theleanstartup.com/

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network







Tags:
Jeff Pollard
Allie Mellen
Security Metrics
Decision Making
Lean Startup
Eric Ries
Quantitative Measures
Qualitative Measures
Organizational Decisions
Metrics Relevance
Decision-Making Audience
Strategic Metrics
Operational Metrics
Tactical Metrics
Career Progression
Individual Metrics
Personal Goals
Organizational Expectations
Security Program Success
Influence in Organization
Leadership
management