Implementing Meaningful Information Security Metrics | A Conversation with Allie Mellen and Jeff Pollard | Redefining CyberSecurity with Sean Martin episode artwork

EPISODE · Jul 12, 2023 · 47 MIN

Implementing Meaningful Information Security Metrics | A Conversation with Allie Mellen and Jeff Pollard | Redefining CyberSecurity with Sean Martin

from Redefining CyberSecurity · host Sean Martin, ITSPMagazine, Jeff Pollard, Allie Mellen

Guests: Allie Mellen, Senior Analyst at Forrester [@forrester]On Linkedin | https://www.linkedin.com/in/hackerxbella/On Twitter | https://twitter.com/hackerxbellaJeff Pollard, VP & Principal Analyst at Forrester [@forrester]On LinkedIn | https://www.linkedin.com/in/jpollard96/On Twitter | https://twitter.com/jeff_pollard2____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode’s SponsorsImperva | https://itspm.ag/imperva277117988Pentera | https://itspm.ag/penteri67a___________________________Episode NotesIn this new episode of Redefining CyberSecurity with Sean Martin, Allie Mellen, and Jeff Pollard engage in an in-depth conversation exploring security metrics' critical role and power in the infoSec decision-making processes. Throughout the dialogue, listeners can gain an understanding of the importance of implementing relevant metrics, such as Mean Time To Detect (MTTD) and Mean Time To Respond (MTTR), for tracking growth within cybersecurity contexts. However, there’s much more to metrics than just these two figures.Both Allie and Jeff emphasize that metrics should be perceived not merely as numerical values but as valuable guideposts aiding decision-making. This perspective, attributed to the Lean Startup philosophy by Eric Ries, encourages using metrics to guide future actions, understand current decisions, or evaluate past outcomes. They stress that metrics should have a genuine purpose and contribute meaningfully rather than just providing quantitative data.Furthermore, the conversation underscores the relevance of metrics to the decision-making audience. Allie and Jeff agree that metrics should differentiate between what matters only to your team and what's necessary for strategic decisions in the broader organization. They become truly impactful by ensuring metrics support decision-making and reach the right audience, whether it's senior leadership, the security program, or the tactical metric practitioners.Storytelling's role is highlighted as vital in presenting these metrics to various stakeholders, making the data more meaningful, understandable, and actionable. The conversation extends the notion of metrics, applying concepts like readmission rates, commonly used in healthcare, to measure incident recurrence in cybersecurity.The trio also spotlights the need for a synergistic relationship between the Security Operations Center (SOC) and Vulnerability Risk Management (VRM). Such a relationship fosters improved security posture through effective incident management and prevention, with Allie reasoning that translating data into something meaningful for other business units is crucial.Touching upon individual metrics in the context of career progression, both Allie and Jeff emphasize the necessity for individuals to define their career-oriented metrics based on their personal goals and organizational expectations. This understanding can help leaders prove their program's success and influence others.The conversation ultimately underscores the importance of the right data sources for calculating meaningful metrics. Without the correct data, generating truly impactful and actionable metrics becomes impossible. Jeff cites an example of a financial organization that used a unique metric to measure insider risk, emphasizing the complexities and challenges of deriving meaningful and actionable cybersecurity metrics.There’s a lot to unpack in this conversation. Listen to the entire episode so you don’t miss a beat.____________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!____________________________ResourcesThe Lean Startup: https://theleanstartup.com/____________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Allie Mellen and Jeff Pollard navigate the nuances of meaningful metrics, highlighting their pivotal role in decision-making, cybersecurity growth, and career progression.

NOW PLAYING

Implementing Meaningful Information Security Metrics | A Conversation with Allie Mellen and Jeff Pollard | Redefining CyberSecurity with Sean Martin

0:00 47:55

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Darknet Discussions Darknet Discussions Welcome to "Darknet Discussions," the podcast that gets into the shadows of the internet to bring you the most intriguing, enlightening, and sometimes unsettling stories from the dark web. Hosted by seasoned darknet aficionados, each episode of "Darknet Discussions" explores the intricate dynamics of darknet markets, cybersecurity threats, and the digital underworld. Join us as we interview experts, discuss the latest trends in cybercrime, and shed light on the technologies that operate beneath the surface of everyday internet use. Also, we occasionally go off on a tangent about something completely unrelated. IT Trendsetters SynerComm During each episode, our team is joined by a relevant industry expert to gain insight into new IT trends and learn about important IT and cybersecurity concepts. Our goal is to give you the advice your need to safeguard your network and digital assets. The AI-Powered Lawyer River Braun Welcome to The AI-Powered Lawyer, where host River Braun takes you on a journey into the heart of the AI revolution in law. This isn't about traditional legal practice; it's about exploring cutting-edge technology that's transforming the way we work. Each episode dives into the tools, trends, and techniques redefining what it means to be a lawyer in the age of AI. Subscribe and join us as we redefine law...together! IT Jobs's Podcast IT Jobs Two Cisco CCIEs discussing topics related to getting and IT Job or hiring for an IT Job. Focus on both Network Engineering, Cloud, Development, and CyberSecurity and as much reality as can be brought.

Frequently Asked Questions

How long is this episode of Redefining CyberSecurity?

This episode is 47 minutes long.

When was this Redefining CyberSecurity episode published?

This episode was published on July 12, 2023.

What is this episode about?

Guests: Allie Mellen, Senior Analyst at Forrester [@forrester]On Linkedin | https://www.linkedin.com/in/hackerxbella/On Twitter | https://twitter.com/hackerxbellaJeff Pollard, VP & Principal Analyst at Forrester [@forrester]On LinkedIn |...

Can I download this Redefining CyberSecurity episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!