DTF Cyber Podcast
Are you tracking cybersecurity metrics that actually keep your business secure, or are you just reporting "the weather" to your executive board? In Episode 48 of the DTF Cyber Podcast, Damian Chung, Troy Wilkinson, and Fern sit down with enterprise security operations leader Jason Barnes to look past the vanity metrics and deliver a definitive blueprint on the metrics that actually drive decisions. We break down the operational realities of security telemetry across three critical categories: operational speed, corporate risk liability, and the human element. From navigating the true timeline of Mean Time to Detect (MTTD) to calculating hard-dollar risk through the FAIR model, this episode details exactly how to align engineering data with courtroom and boardroom defensibility. 📌 Key Timestamps: 00:00 - Security Metrics vs. Reporting the Weather 01:53 - Welcoming Special Guest Jason Barnes 02:50 - Ripping Dashboards Apart: Grouping by Category 03:37 - Metric 1: Mean Time to Detect (MTTD) & Attacker Dwell Time 05:26 - Fern’s "Intruder in the Attic" Analogy 08:00 - Addressing Timeline Manipulation in SOC Detection Logic 09:51 - Metric 2: Mean Time to Respond & Remediate (MTTR) 12:41 - Alert Fatigue: The Danger of Acknowledging Without Triaging 15:55 - Metric 3: Patch Cadence & The 72-Hour KEV Mandate 24:14 - Brand Reputation vs. Lost Sales: Calculating True Impact 27:03 - Metric 4: Security Control Coverage & Mapping MITRE ATT&CK 31:16 - The Shelfware Epidemic: Why 80% of Tools are Half-Deployed 32:02 - Metric 5: Supply Chain & Managing Third-Party Risk 38:31 - Metric 6: Cyber Risk, Financial Exposure, & The FAIR Model 45:19 - Metric 7: Phishing Repeat Offenders & Broken Human Firewalls 00:49:09 - Metric 8: Alert-to-Analyst Ratio & Workforce Burnout 00:50:44 - Operationalization Failures: Growth in Alerts From New Tools 00:51:51 - Metric 9: Security Investment ROI & Eliminating Uncertainty 00:53:40 - Guilt by Association: Why Shelfware Kills Long-Term Sales Relationships 00:58:01 - Metric 10: Incident Root-Cause Trends & After Action Reports 01:03:14 - Case Management vs. Using AI to Summarize Root Cause Analysis (RCA) Themes 01:06:04 - Metric 11 (BONUS JASON BARNES LANE): Exploitability & Internal Surface Attack Mapping (CMDB)
47 episodios
Comentarios
0Sé la primera persona en comentar
¡Regístrate ahora y únete a la comunidad de DTF Cyber Podcast!