Defense in Depth: Cyber Defense Matrix

A simple way to visualize your entire security program and all the tools that support it.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Sounil Yu (@sounilyu), creator of the Cyber Defense Matrix and former chief security scientist at Bank of America.

Got feedback? Join the conversation on LinkedIn.

Thanks to this week’s podcast sponsor, Verodin

The Verodin Security Instrumentation Platform proactively identifies gaps in security effectiveness attributable to equipment misconfiguration, changes in the IT environment, evolving attacker tactics, and more. Learn how Verodin, part of FireEye, has made it possible for organizations to validate the effectiveness of cyber security controls, thereby protecting their reputation and economic value.

On this episode of Defense in Depth, you’ll learn:

First, just look at the darn thing and it’ll start to make sense.

  • The Cyber Defense Matrix’s original purpose was to provide a visual way to understand the vendor landscape.
  • Users have found lots more uses for the matrix, such as seeing those same gaps in technology, people, and processes.
  • By visualizing, you can see also where you have too much and you can actually get rid of technologies.
  • The matrix provides structural awareness of your vulnerabilities.
  • The matrix admittedly gets a little wonky when cloud technologies are introduced. They often bleed across categories, not neatly fitting into any specific buckets.

Creative Commons photo attribution with logo addition to Flickr user Dako Huang.

Defense in Depth