On-Demand Webcast | 1 hour

Building an effective cybersecurity metrics program


CISOs strive to develop and use security metrics as an objective way to: (1) portray the state of their security programs; and (2) effect positive change to security controls, like patching within SLAs and improving phishing email awareness. However, they are challenged by data collection difficulties, limitations of reporting tools, and uncertainties about what metrics are relevant for different audiences (e.g., board, management, IT and security personnel).

During this month of CISO Stories, practitioners will share their experiences and challenges with implementing a cybersecurity metrics program. Guidance and tools developed by a cross-sector task force of CISOs are shared as well, highlighting:

  • The Cybersecurity Collaborative Security Metrics Framework
  • Criteria for an effective security metric
  • Methods for metrics reporting and decision-making
  • Guidance for initiating a metrics program
  • Strategies for expanding the program
  • Tools for collecting and reporting metrics
  • The Cybersecurity Collaborative Security Metrics Workbook (working metrics examples)

Practitioners will also connect the dots on how such metrics should be used to continuously improve identity, application, cloud and network security, anti-ransomware efforts, zero trust, email security, threat intelligence, AI and third-party risk management.

Event Speakers

Parham Eftekhari
Executive Vice President, Communities

Parham Eftekhari is a recognized business executive in the information security sector with a lifelong passion for leadership and community engagement. His expertise spans critical infrastructure technology and policy, business strategy and operations, executive advising, and thought leadership content initiatives.

Parham has published over a dozen information security reports, regularly engages with the media, and has contributed to countless briefings and events at institutions including TEDx, Congress, the World Bank, RSA, IFA+, (ISC)2, C-SPAN, and the Institute for Critical Infrastructure Technology (ICIT).

Tom Scurrah
VP, Cybersecurity Programs and Content

For over 20 years, Tom has practiced as a cyber security professional, serving as an executive director of information security for Verizon, a founder of two cyber security consulting firms, and Vice President of Content and Programs for the Cybersecurity Collaborative.

Tom is CEO of MyDataOnly, Inc., which offers privacy and security consultation and security (penetration) testing services. Tom began his career in IT in programming and strategic planning and later founded a customer satisfaction measurement firm.

Tom holds four security certifications (CISSP, CISM, PCIP) and one privacy certification (CIPP/US). He has a master’s degree from MIT’s Sloan School of Management and is a Marine Corps veteran.

Victor Wunschel

Victor Wunschel is a veteran of the United States Marine Corps. He has been an Information Security professional since 2002 and became a CISSP in 2018. He currently serves as the Lead Security Analyst for USAble Life.

Pete Hazen
VP, Security Architecture & Technical Assurance

For the past seven years, Pete Hazen has been leading key information security and IAM initiatives at Radian Group, a financial services company that provides mortgage insurance and real estate services to homeowners and lenders in the continental U.S. While at Radian, Pete was responsible for management and deployment of Radian’s Single Sign-On (SSO), Privileged Access Management (PAM), and Enterprise Data Protection programs. Prior to his time at Radian, Pete was a principal consultant, both in a solo capacity and as co-owner of his own 10-person consulting company, managing IAM and other security initiatives for domestic and international businesses in the manufacturing, financial services and healthcare sectors. software/hardware engineer by several Fortune 500 companies focused on IT and product R&D. Pete holds a CISSP and is a graduate of Purdue University, having both BS and MS degrees in Electrical Engineering.