Sign up to save your podcasts
Or
Share The Fault in Our Metrics: Rethinking How We Measure Detection & Response | A Conversation with Allyn Stott | Redefining CyberSecurity with Sean Martin
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The Fault in Our Metrics: Rethinking How We Measure Detection & Response | A Conversation with Allyn Stott | Redefining CyberSecurity with Sean Martin
Guest: Allyn Stott, Senior Staff Engineer, meoward.co
On LinkedIn | https://www.linkedin.com/in/whyallyn
On Twitter | https://x.com/whyallyn
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
View This Show's Sponsors
___________________________
Episode Notes
In this episode of The Redefining CyberSecurity Podcast, host Sean Martin converses with Allyn Stott, who shares his insights on rethinking how we measure detection and response in cybersecurity. The episode explores the nuances of cybersecurity metrics, emphasizing that it's not just about having metrics, but having the right metrics that truly reflect the effectiveness and efficiency of a security program.
Stott discusses his journey from red team operations to blue team roles, where he has focused on detection and response. His dual perspective provides a nuanced understanding of both offensive and defensive security strategies. Stott highlights a common issue in cybersecurity: the misalignment of metrics with organizational goals. He points out that many teams inherit metrics that may not accurately reflect their current state or objectives. Instead, metrics should be strategically chosen to guide decision-making and improve security posture. One of his key messages is the importance of understanding what specific metrics are meant to convey and ensuring they are directly actionable.
In his framework, aptly named SAVER (Streamlined, Awareness, Vigilance, Exploration, Readiness), Stott outlines a holistic approach to security metrics. Streamlined focuses on operational efficiencies achieved through better tools and processes. Awareness pertains to the dissemination of threat intelligence and ensuring that the most critical information is shared across the organization. Vigilance involves preparing for and understanding top threats through informed threat hunting. Exploration encourages the proactive discovery of vulnerabilities and security gaps through threat hunts and incident analysis. Finally, Readiness measures the preparedness and efficacy of incident response plans, emphasizing the coverage and completeness of playbooks over mere response times.
Martin and Stott also discuss the challenge of metrics in smaller organizations, where resources may be limited. Stott suggests that simplicity can be powerful, advocating for a focus on key risks and leveraging publicly available threat intelligence. His advice to smaller teams is to prioritize understanding the most significant threats and tailoring responses accordingly.
The conversation underscores a critical point: metrics should not just quantify performance but also drive strategic improvements. By asking the right questions and focusing on actionable insights, cybersecurity teams can better align their efforts with their organization's broader goals.
For those interested in further insights, Stott mentions his upcoming talks at B-Sides Las Vegas and Blue Team Con in Chicago, where he will expand on these concepts and share more about his Threat Detection and Response Maturity Model.
In conclusion, this episode serves as a valuable guide for cybersecurity professionals looking to refine their approach to metrics, making them more meaningful and aligned with their organization's strategic objectives.
___________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
đź“ş https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
đź“ş https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
___________________________
Resources
The Fault in Our Metrics: Rethinking How We Measure Detection & Response (BSIDES Session): https://bsideslv.org/talks#EVFTBT
___________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:Â
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring this show with an ad placement in the podcast?
Learn More 👉 https://itspm.ag/podadplc
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
View all episodes
By Sean Martin, ITSPmagazine
5
33 ratings
Guest: Allyn Stott, Senior Staff Engineer, meoward.co
On LinkedIn | https://www.linkedin.com/in/whyallyn
On Twitter | https://x.com/whyallyn
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
View This Show's Sponsors
___________________________
Episode Notes
In this episode of The Redefining CyberSecurity Podcast, host Sean Martin converses with Allyn Stott, who shares his insights on rethinking how we measure detection and response in cybersecurity. The episode explores the nuances of cybersecurity metrics, emphasizing that it's not just about having metrics, but having the right metrics that truly reflect the effectiveness and efficiency of a security program.
Stott discusses his journey from red team operations to blue team roles, where he has focused on detection and response. His dual perspective provides a nuanced understanding of both offensive and defensive security strategies. Stott highlights a common issue in cybersecurity: the misalignment of metrics with organizational goals. He points out that many teams inherit metrics that may not accurately reflect their current state or objectives. Instead, metrics should be strategically chosen to guide decision-making and improve security posture. One of his key messages is the importance of understanding what specific metrics are meant to convey and ensuring they are directly actionable.
In his framework, aptly named SAVER (Streamlined, Awareness, Vigilance, Exploration, Readiness), Stott outlines a holistic approach to security metrics. Streamlined focuses on operational efficiencies achieved through better tools and processes. Awareness pertains to the dissemination of threat intelligence and ensuring that the most critical information is shared across the organization. Vigilance involves preparing for and understanding top threats through informed threat hunting. Exploration encourages the proactive discovery of vulnerabilities and security gaps through threat hunts and incident analysis. Finally, Readiness measures the preparedness and efficacy of incident response plans, emphasizing the coverage and completeness of playbooks over mere response times.
Martin and Stott also discuss the challenge of metrics in smaller organizations, where resources may be limited. Stott suggests that simplicity can be powerful, advocating for a focus on key risks and leveraging publicly available threat intelligence. His advice to smaller teams is to prioritize understanding the most significant threats and tailoring responses accordingly.
The conversation underscores a critical point: metrics should not just quantify performance but also drive strategic improvements. By asking the right questions and focusing on actionable insights, cybersecurity teams can better align their efforts with their organization's broader goals.
For those interested in further insights, Stott mentions his upcoming talks at B-Sides Las Vegas and Blue Team Con in Chicago, where he will expand on these concepts and share more about his Threat Detection and Response Maturity Model.
In conclusion, this episode serves as a valuable guide for cybersecurity professionals looking to refine their approach to metrics, making them more meaningful and aligned with their organization's strategic objectives.
___________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
đź“ş https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
đź“ş https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
___________________________
Resources
The Fault in Our Metrics: Rethinking How We Measure Detection & Response (BSIDES Session): https://bsideslv.org/talks#EVFTBT
___________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:Â
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring this show with an ad placement in the podcast?
Learn More 👉 https://itspm.ag/podadplc
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
More shows like Redefining CyberSecurity
View all
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
370 Listeners
Risky Business
375 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
637 Listeners
Smashing Security
322 Listeners
ITSPmagazine
31 Listeners
Darknet Diaries
8,010 Listeners
Cybersecurity Today
175 Listeners
Hacking Humans
314 Listeners
CISO Series Podcast
189 Listeners
Defense in Depth
73 Listeners
Cyber Security Headlines
134 Listeners
Hard Fork
5,469 Listeners
The Ezra Klein Show
16,035 Listeners
Cybersecurity Where You Are (video)
13 Listeners
Audio Signals Podcast
2 Listeners
HBR On Leadership
157 Listeners
Stories From Space
4 Listeners
Redefining Society and Technology Podcast
0 Listeners