Security Program Management Microsoft, United States
Traditionally, successful technical outcomes in security have hinged on quantitative output metrics such as the number of vulnerabilities detected or the time to patch them. However, as cybersecurity becomes more integrated with business operations and strategy, there is an emerging need to evaluate how well established security processes can be measured through impact metrics to drive optimization. This becomes imperative as we encounter a rapidly evolving, complex ecosystem of security programs and their intertwined operational boundaries.
This talk delves into qualitative security process metrics, providing a practical understanding while highlighting their use in different use cases and showcasing implementation techniques through examples. It answers the question: How can data-driven insights derived from process metrics fuel informed decision-making and drive optimized security programs?
Learning Objectives:
Explore methodologies and tools for measuring and tracking program management processes effectively, and discover best practices for implementing measurement frameworks that provide actionable insights, enabling informed decision-making and continuous improvement.
Connect the dots on how technical KPIs can be paired with underlying qualitative "pulse" metrics to tell the story of impact using data.
Learn how to identify and design key impact metrics based on the organization's maturity level and demonstrate the health of your security processes.