Defense in Depth: Security Metrics

What are the most important metrics to measure when building out your security program? One thing we learned on this episode is depending on your security program’s maturity, those metrics will always be different.


This episode of Defense in Depth is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is my co-host of the other show, Mike Johnson, CISO of Lyft.

Fluency’s correlation and risk scoring technology combined with their approach of using pseudonyms in place of certain PII data greatly facilitates your organization’s path towards compliance. Over time, machine learning and artificial intelligence algorithms detect anomalies at an impressive level of scalability. Run Fluency as a standalone or integrate it into your existing SIEM. Learn more by visiting us at booth #4529 at the RSA® Conference 2019.

Subscribe to Defense in Depth.

Got feedback? Join the conversation on LinkedIn.

On this episode of Defense in Depth, you’ll learn:

  • There is no golden set of security metrics.
  • Metrics you use to measure your security program this year won’t necessarily be the same ones you use next year.
  • Use the NIST model to determine your security program maturity.
  • Unlike B2C, B2B companies can use metrics to build a closer tie between security and the business.
  • Regulations and certifications are one easy way to align security with the business.

Defense in Depth

David Spark
David Spark is the founder of CISO Series where he produces and co-hosts many of the shows. Spark is a veteran tech journalist having appeared in dozens of media outlets for almost three decades.