Key Learning Points:
- Metrics and how they relate to the business
- How to establish a metric: the process
- Using metrics in your security program
When security practitioners complain that they don’t get management to listen, or that “we need to know how to talk to the business” they are pointing out that security doesn’t do a very good job with metrics. It’s the way to explain the relevance of what you do, and why you do it. In this session we’ll talk about how to establish metrics and a metrics program, as well as some sneaky strategic tricks for maneuvering in meetings. We will also learn why pie charts are horrible.
About Marcus J. Ranum
Marcus J. Ranum works for Tenable Security, Inc. and is a world-renowned expert on security system design and implementation. He has been involved in every level of the security industry from product coder to CEO of a successful start-up. He is an ISSA fellow and holds achievement and service awards from several industry groups.