Building an effective cybersecurity metrics program

On-Demand Webcast|1 hour

CISOs strive to develop and use security metrics as an objective way to: (1) portray the state of their security programs; and (2) effect positive change to security controls, like patching within SLAs and improving phishing email awareness. However, they are challenged by data collection difficulties, limitations of reporting tools, and uncertainties about what metrics are relevant for different audiences (e.g., board, management, IT and security personnel).

During this month of CISO Stories, practitioners will share their experiences and challenges with implementing a cybersecurity metrics program. Guidance and tools developed by a cross sector task force of CISOs are shared as well, highlighting:

  • The Cybersecurity Collaborative Security Metrics Framework
  • Criteria for an effective security metric
  • Methods for metrics reporting and decision-making
  • Guidance for initiating a metrics program
  • Strategies for expanding the program
  • Tools for collecting and reporting metrics
  • The Cybersecurity Collaborative Security Metrics Workbook (working metrics examples)

Practitioners will also connect the dots on how such metrics should be used to continuously improve identity, application, cloud and network security, anti-ransomware efforts, zero trust, email security, threat intelligence, AI and third-party risk management.

Speakers

Parham Eftekhari
Executive Vice President, Collaboration
CyberRisk Alliance

Parham Eftekhari is a business executive specializing in cyber and national security. He currently serves as Executive Vice President, CISO Communities at CyberRisk Alliance, leading its CISO services platform which consists of the Cybersecurity Collaborative and Cybersecurity Collaboration Forum. Parham also serves as the chairman of the Institute for Critical Infrastructure Technology (ICIT), the nation’s leading cybersecurity think tank, which he founded in 2014. Other leadership roles during his more than 15 years in this sector include co-founder and Vice President of research at the Government Technology Research Alliance, founder of the world’s first webcam cover manufacturer CamPatch, and Advisory Board member at the Ready Rock Institute. Parham has developed and authored multiple research publications, regularly engages with the media, and has addressed forums ranging from Congress, TED, RSA, and C-SPAN. In 2017, Parham was recognized by (ISC)2 for his contributions to the field of cybersecurity with the Most Valuable Industry Partner – Government Information Security Leadership Award.

Tom Scurrah
VP, Cybersecurity Programs and Content
CyberRisk Collaborative

For over 20 years, Tom has practiced as a cyber security professional as an executive director of information security for Verizon, a founder of two cyber security consulting firms, and Vice President of Content and Programs for the Cybersecurity Collaborative.

Tom is CEO of MyDataOnly, Inc., which offers privacy and security consultation and security (penetration) testing services. Tom began his career in IT in programming and strategic planning and later founded a customer satisfaction measurement firm.

Tom holds four security certifications (CISSP, CISM, PCIP) and one privacy certification (CIPP/US). He has a master’s degree from MIT’s Sloan School of Management and is a Marine Corps veteran.

Victor Wunschel

Victor Wunschel is a veteran of the United States Marine Corps. He has been an Information Security professional since 2002 and became a CISSP in 2018. He currently serves as the Lead Security Analyst for USAble Life.

Pete Hazen
VP, Security Architecture & Technical Assurance
Radian Group Inc.

Pete Hazen has for the past seven years been leading key information security and IAM initiatives at Radian Group, a financial services company that provides mortgage insurance and real estate services to homeowners and lenders in the continental U.S. While at Radian, Pete was responsible for management and deployment of Radian’s Single Sign-On (SSO), Privileged Access Management (PAM), and Enterprise Data Protection programs. Prior to his time at Radian, Pete was a principal consultant, both in a solo capacity and as co-owner of his own 10-person consulting company, managing IAM and other security initiatives for domestic and international businesses in the manufacturing, financial services and healthcare sectors. software/hardware engineer by several Fortune 500 companies focused on IT and product R&D. Pete holds a CISSP and is a graduate of Purdue University, having both BS and MS degrees in Electrical Engineering.