Measuring Security
How do you create metrics for something with so many variables?
Part of my series on Automating Cybersecurity Metrics.
I sat in a meeting once where an executive at a financial institution was asking a member of the security team what requirements our cloud engineering team needed to meet to install a proxy in the cloud. (I’m talking about the type of proxy enterprises use to allow or disallow certain URLs from entering a network, not the kind attackers use to bore through your firewalls.)
Although I was a security person, a technical person, a cloud and a software engineer, I could understand the frustration on the executive’s part when trying to get a straight answer on requirements. The security professional was hemming and hawing with a lot of “well, that depends” and “if-thens,” and by the end of the call we had no clear guidance as to how we could proceed.
Simple strategies and caveats
That conversation and others like it, in part, are why I wrote Cybersecurity for Executives in the Age of Cloud. I wanted to provide concrete guidance…