Who Watches the Watchers? Metrics for Security Strategy

BSidesLV 2015

Presented by: Michael Roytman
Date: Wednesday August 05, 2015
Time: 11:00 - 11:55
Location: Florentine F
Track: Ground Truth

Security Metrics are often about the performance of information security professionals - traditional ones are centered around vulnerability close rates, timelines, or criticality ratings. But how does one measure if those metrics are the right ones? How does one measure risk reduction, or how successful your metrics program is at operationalizing that which is necessary to prevent a breach?

Michael Roytman

Michael Roytman is responsible for building out Risk I/O’s analytics functionality, and has been selected to speak at BSides, Metricon, SIRACon and more. His work at Risk I/O focuses on security metrics, risk measurement, and vulnerability management and his work has been published in USENIX. He formerly worked in fraud detection in the finance industry, and holds an M.S. in Operations Research from Georgia Tech. His home in Chicago contains a small fleet of broken-down drones.

