Security Management

F5: What Gets Measured Gets Done: Crafting Security Program Metrics You AND Your Boss Care About

Friday, June 9, 2023 9:30 AM - 10:30 AM

Room 506


Cybersecurity has evolved well past being a technology issue to become a business risk issue, garnering a lot more interest and scrutiny from company leadership and boards. While we as cybersecurity professionals are thankful that the C-suite appreciates the importance of what we do more than ever before, it also requires us to communicate with leadership in terms and metrics they can understand. This can be challenging because it requires not only the collection of data, but more importantly, the analysis of that data and what it means for the company. In this presentation, Mike Pedrick, VP of Cybersecurity Consulting at Nuspire, will talk about the cybersecurity metrics that matter and how to capture those metrics in a compelling way. As a veteran consultant and trainer for ISACA, Mike has helped hundreds of cybersecurity professionals navigate the metric minutiae to deliver the reporting that not only communicates their value to leadership, but also helps drive meaningful improvement in their security posture.

Learner Objectives

RMISC attendees will walk away from Mike’s session with actionable strategies to address their measurement needs, including: -- How to identify the ways a cybersecurity program should be measured -- Effective strategies for tracking – and reporting on – progress -- Key insights into what executive leadership is looking for -- Lessons learned from the front lines of consulting for cybersecurity teams across all industries