2025-04-26 –, Track 2
Information Security is an important part of a maturing business. As such, we need to treat it seriously, which means measuring its effectiveness. What should you measure? How should you measure it? And, most importantly, how should you think about measuring, as a concept? Come listen to this talk to find out.
A discussion of key ideas behind measurement, like strict definition of goals and terms, the idea of "proxy" measurements, some key things to measure (MTTR, MTTD, MTTR) including a starter way to quantify and measure risk. Plus fallacies to watch out for when measuring.
Mark has worked for Silicon Valley tech companies for over ten years, and moonlights as a threat hunter in the Black Hat conference Network Operations Center since spring of 2023, traveling to three Black Hat conferences every year around the world. Prior to working for Silicon Valley tech companies, He was a Threat Hunter, Security Engineer, Incident Responder, and Information Security Team Lead for a multi-billion-dollar enterprise.