    security programs

    Explore "security programs" with insightful episodes like "The 'Security Show': Identifying the Real Truman for Transformative Business Excellence | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3", "The Future of Secure Business Browsing: Isolation and Protection | Browser Security : Isolation-101 | A SecTor Event Coverage Conversation with Evgeniy Kharam" and "Habits and Hitchisms: The CISO Revolving Door | CISO Circuit Series: Episode 1 | With Michael Piacente and Sean Martin on the Redefining CyberSecurity Podcast" from podcasts like "ITSPmagazine" and "Redefining CyberSecurity" and more!

    Episodes (9)

    The 'Security Show': Identifying the Real Truman for Transformative Business Excellence | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

    This edition of The Future of Cybersecurity Newsletter by Sean Martin draws a parallel between cybersecurity in businesses and "The Truman Show," highlighting the transformative impact of embedding cybersecurity into core business strategies. It discusses the challenges and potential of redefining traditional cybersecurity roles to foster innovation, enhance efficiency, and gain a competitive edge.

    ________

    This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

    Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.

    Sincerely, Sean Martin and TAPE3

    ________

    Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.

    TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

    The Future of Secure Business Browsing: Isolation and Protection | Browser Security : Isolation-101 | A SecTor Event Coverage Conversation with Evgeniy Kharam

    Guest: Evgeniy Kharam, Cybersecurity Professional, Security Architecture Podcast [@secarchpodcast]

    On LinkedIn | https://www.linkedin.com/in/ekharam/

    ____________________________

    Hosts: 

    Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

    ____________________________

    Episode Notes

    In this episode of the Redefining CyberSecurity Podcast, host Sean Martin is joined by Evgeniy Kharam to explore the world of browser security and browser isolation. They discuss the user experience and the policies that organizations can apply to protect against security threats.

    The conversation delves into the concept of remote browser isolation and its application in ensuring user safety when visiting unknown or malicious websites. They also dive into the benefits of using enterprise browsers and the control they provide over website access, malware scanning, data loss prevention, and more.

    The episode touches on the impact of browser security on security programs, team structures, and the tech stack. They discuss the relatively new browser security space and its potential to disrupt the SASE and SSE markets. Evgeniy shares insights into the potential transformation of the cybersecurity landscape and predicts that endpoint solutions may incorporate isolation technology. The episode concludes with a preview of Evgeniy's upcoming session at the SecTor security conference in Toronto, where he will dive deeper into browser security isolation.

    Overall, this episode offers valuable insights into the evolving world of browser security and its potential impact on cybersecurity practices. Listeners can expect an engaging conversation that combines technical knowledge with practical applications.

    About Evgeniy's SecTor Session: There has been renewed hype about adding more security efforts around the browser. New security startups and the bigger players as well have been making the case that because browsing is such an inherent part of our work and personal lives, we should address phishing and other attacks there. After interviewing and analyzing the offerings of many providers, I will share my findings and perspective on the market. This session will go over key points on how such a technology might be used in your organization, the pitfalls and how it fits in with / competes with other product suites like SASE and EDR. What you will learn:

    - Use cases for browser isolation/enterprise browser

    - ZTNA using browser isolation/enterprise browser

    - Where browser isolation/enterprise browser fits in an environment

    - Vendor land space

    - What we should expect in the next 12-18 months

    ____________________________

    Watch this and other videos on ITSPmagazine's YouTube Channel

    Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

    📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

    ITSPmagazine YouTube Channel:

    📺 https://www.youtube.com/@itspmagazine

    Be sure to share and subscribe!

    ____________________________

    Resources

    Browser Security / Isolation-101 (session): https://www.blackhat.com/sector/2023/briefings/schedule/#browser-security--isolation-101-34279

    Learn more about SecTor 2023: https://www.blackhat.com/sector/2023/

    ____________________________

    To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

    https://www.itspmagazine.com/redefining-cybersecurity-podcast

    Are you interested in sponsoring an ITSPmagazine Channel?

    👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

    Habits and Hitchisms: The CISO Revolving Door | CISO Circuit Series: Episode 1 | With Michael Piacente and Sean Martin on the Redefining CyberSecurity Podcast

    About the CISO Circuit Series

    Sean Martin and Michael Piacente will join forces roughly once per month to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.

    ____________________________

    Guest: Michael Piacente, Managing Partner and Cofounder of Hitch Partners

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente

    ____________________________

    Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

    ____________________________

    This Episode’s Sponsors

    Imperva | https://itspm.ag/imperva277117988

    Pentera | https://itspm.ag/penteri67a

    ___________________________

    Episode Notes

    In this special episode of Redefining Cybersecurity—the CISO Circuit Series—Sean Martin and Michael Piacente come together to explore the role of a CISO and the challenges they face. They discuss how organizations are trimming cybersecurity activities, including the reduction or elimination of CISO roles, due to the impact of the economy. They explore the concept of "battlefield promotions," where individuals within organizations take on CISO responsibilities without the official title. They discuss the trend of an increasing number of job seekers in the cybersecurity market, with data revealing a significant rise in both proactive and reactive candidates. They also discuss the importance of executive-level support for CISOs and the impact it has on their job satisfaction and success.

    The conversation touches on the issue of executive sponsorship, with many companies failing to fully support their security programs, leading to frustration and turnover among CISOs. The conversation highlights the collaborative nature of the CISO community and its influence on the hiring process. They also explore the concept of ESG (Environmental, Social, and Governance) and its influence on individuals seeking new security roles.

    The desire to make a positive impact on the world and align with organizations that share that goal emerges as a driving force for CISOs. Given the challenges cybersecurity leadership encounters, the need for adequate support and resources continues to mount.

    Throughout the episode, Sean and Michael provide valuable insights into the evolving nature of the CISO role and the factors that influence job satisfaction and career moves in the cybersecurity industry. Listeners can expect a thoughtful and informative conversation that highlights the complexities and nuances of the CISO role in today's dynamic cyber landscape.

    ____________________________

    Watch this and other videos on ITSPmagazine's YouTube Channel

    Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

    📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

    ITSPmagazine YouTube Channel:

    📺 https://www.youtube.com/@itspmagazine

    Be sure to share and subscribe!

    ____________________________

    Resources

    Podcast: A Tale of 2 CISOs: Navigating the Evolving Landscape of Information Security and Ethics, Today and Tomorrow | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3: https://redefining-cybersecurity.simplecast.com/episodes/a-tale-of-2-cisos-navigating-the-evolving-landscape-of-information-security-and-ethics-today-and-tomorrow-a-musing-on-the-future-of-cybersecurity-and-humanity-with-sean-martin-and-tape3-read-by-tape3

    Blog Series: Am I Wrong For Saying I Could Never Be A CISO?

    ____________________________

    To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

    https://www.itspmagazine.com/redefining-cybersecurity-podcast

    Are you interested in sponsoring an ITSPmagazine Channel?

    👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

    #S02EP02 Sprinting Securely: Pentesting Keeping Pace with Agile Development | Sanoop Thomas

    TOPIC:  Sprinting Securely: Pentesting Keeping Pace with Agile Development
    Building Actionable Security Champion Programs & Pentest catching up with speed of agile

    Podcast Guest: Sanoop Thomas (@s4n7h0)

    Sanoop Thomas (@s4n7h0) is a seasoned security professional with a diverse background in consulting, teaching, research and product-based industries, with a passion for solving complex security problems. Today, Sanoop works as an information security specialist focusing on application security and secure coding. His fields of interest include fuzzing software vulnerabilities, reverse engineering, malware analysis, application security and automating security pentest/analysis methodologies. He also moderated the null open community chapters in Singapore and Mumbai and organized hundreds of events and workshops to spread security awareness across the country.
    Sanoop is the author and maintainer of the Halcyon IDE project (https://halcyon-ide.org) and podcast show host at InfoSec Campus (https://infoseccampus.com). He has spoken at multiple international security conferences, including Nullcon, OWASP India, DevSecCon, HITBGSEC, Rootcon, Defcon (Demo Labs) and Blackhat (Arsenal - Vegas and Singapore). Sanoop is also the founding organizer for BSides Singapore.

    Recommended reading/viewing, for practitioners

    I would love to hear your suggestions and feedback; please DM me. If you liked this episode, please share it with others in the community. It always means a lot!

    If you’re interested in a security challenge that you’re facing or would like to hear from a specific speaker/team, let me know. Buzz me on Twitter or LinkedIn; check out my handles below:

    • Twitter: @NeeluTripathy
    • LinkedIn: neelutripathy

    Implementing Meaningful Information Security Metrics | A Conversation with Allie Mellen and Jeff Pollard | Redefining CyberSecurity with Sean Martin

    Guests: 

    Allie Mellen, Senior Analyst at Forrester [@forrester]

    On LinkedIn | https://www.linkedin.com/in/hackerxbella/

    On Twitter | https://twitter.com/hackerxbella

    Jeff Pollard, VP & Principal Analyst at Forrester [@forrester]

    On LinkedIn | https://www.linkedin.com/in/jpollard96/

    On Twitter | https://twitter.com/jeff_pollard2

    ____________________________

    Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
    ____________________________

    This Episode’s Sponsors

    Imperva | https://itspm.ag/imperva277117988

    Pentera | https://itspm.ag/penteri67a

    ___________________________

    Episode Notes

    In this new episode of Redefining CyberSecurity with Sean Martin, Allie Mellen and Jeff Pollard engage in an in-depth conversation exploring the critical role and power of security metrics in InfoSec decision-making processes. Throughout the dialogue, listeners can gain an understanding of the importance of implementing relevant metrics, such as Mean Time To Detect (MTTD) and Mean Time To Respond (MTTR), for tracking growth within cybersecurity contexts. However, there’s much more to metrics than just these two figures.

    Both Allie and Jeff emphasize that metrics should be perceived not merely as numerical values but as valuable guideposts aiding decision-making. This perspective, attributed to the Lean Startup philosophy by Eric Ries, encourages using metrics to guide future actions, understand current decisions, or evaluate past outcomes. They stress that metrics should have a genuine purpose and contribute meaningfully rather than just providing quantitative data.

    Furthermore, the conversation underscores the relevance of metrics to the decision-making audience. Allie and Jeff agree that metrics should differentiate between what matters only to your team and what's necessary for strategic decisions in the broader organization. Metrics become truly impactful when they support decision-making and reach the right audience, whether it's senior leadership, the security program, or the tactical metric practitioners.

    Storytelling's role is highlighted as vital in presenting these metrics to various stakeholders, making the data more meaningful, understandable, and actionable. The conversation extends the notion of metrics, applying concepts like readmission rates, commonly used in healthcare, to measure incident recurrence in cybersecurity.

    The trio also spotlights the need for a synergistic relationship between the Security Operations Center (SOC) and Vulnerability Risk Management (VRM). Such a relationship fosters improved security posture through effective incident management and prevention, with Allie reasoning that translating data into something meaningful for other business units is crucial.

    Touching upon individual metrics in the context of career progression, both Allie and Jeff emphasize the necessity for individuals to define their career-oriented metrics based on their personal goals and organizational expectations. This understanding can help leaders prove their program's success and influence others.

    The conversation ultimately underscores the importance of the right data sources for calculating meaningful metrics. Without the correct data, generating truly impactful and actionable metrics becomes impossible. Jeff cites an example of a financial organization that used a unique metric to measure insider risk, emphasizing the complexities and challenges of deriving meaningful and actionable cybersecurity metrics.

    There’s a lot to unpack in this conversation. Listen to the entire episode so you don’t miss a beat.

    ____________________________

    Watch this and other videos on ITSPmagazine's YouTube Channel

    Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

    📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

    ITSPmagazine YouTube Channel:

    📺 https://www.youtube.com/@itspmagazine

    Be sure to share and subscribe!

    ____________________________

    Resources

    The Lean Startup: https://theleanstartup.com/

    ____________________________

    To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

    https://www.itspmagazine.com/redefining-cybersecurity-podcast

    Are you interested in sponsoring an ITSPmagazine Channel?

    👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

    © 2024 Podcastworld. All rights reserved
