Security functions are fighting battles on a wide range of fronts, appeasing auditors and regulators, fighting IT ops on patching, end users on opening up holes in the human firewall, etc. But too often, companies build their security program by managing the security-specific ‘EPS’ (events per second), not the one that funds their budgets (company earning per share).
This session will dive into how companies can transform their functions by worrying less about the network traffic funneling into their SIEM and focus more on how they are supporting the companies bottom line. We’ll take a deep look at metrics and measures that will make sense to everyone from board members to those in the back office.
Attendees from all security-related fields will get something from this session, from how to better balance your roadmap, how to refine your audit plan, and how to talk to the board in a way that matters to the people that hold the keys to your corporation.
- Companies should focus on the why (not how) of security
- Metrics programs can be easily transformed by adopting simple principles
- A new focus/vocabularly will dramatically enhance your security function
About Matt Hynes
Matt Hynes is a Partner/Principal in the Advisory Services practice of Ernst & Young (EY) LLP. He leads EY’s Cyber Program Management (CPM) services focused on information security strategy, governance and security function transformation. He is a frequent speaker on related topics at industry events and serves as a guest lecturer at the University of Minnesota’s Carlson School of Business. Hynes is the past president of the Minnesota Chapter of the Information Systems Audit & Control Association (ISACA) and is involved in numerous professional associations.
About Steve Currie
Steve Currie is a senior manager in the cybersecurity practice of Ernst & Young (EY) LLP. With over 15 years of experience at EY, he has led engagements at clients ranging from Fortune 25 companies to local private firms. He is a global leader in EY’s Cyber Program Management (CPM) competency, specifically collaborating with clients to develop solutions to address current challenges, such as supply chain security for connected products.