SlideShare a Scribd company logo

Lies, Fables and Security Metrics

Rafal Los
Rafal Los

This talk is meant to highlight some of the important things security professionals need to know, when creating security metrics.

Technology
1 of 57
Download to read offline
Connect | Protect | Optimize Lies Fables and Security Metrics
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. Biography Vice President, Security Strategy • 23 years in cyber security • Expertise in program development, strategy, measurement • Podcaster: Down the Security Rabbithole Podcast • Writer and public speaker
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. The Services Platform Core Remote Virtual Connect people, business-critical processes, and assets to data and customers Protect what matters to your business, decrease cyber risk and meet compliance requirements Optimize your strategy and operations to continually evolve
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. Data Needs Meaning Why your metrics presentations fail to deliver your point
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. cybersecurity is not absolute
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. there is always some risk
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. but…so what?
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. critical | high | medium | low
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. “arbitrary critical statistics”
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. consider the statement:
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. “we have 25mi range left”
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. what’s the rest of the story?
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. urgency without context
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. without context it’s arbitrary
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. examples of this…
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. 200 new critical vulns (a) (b) (c)
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. 50% decrease in malware (b) (a)
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. without context – audience makes up their own narrative
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. the lesson:
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. the board cares
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. you’re failing to communicate
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. you’re missing the denominator
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. my 2 main types of metrics
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. trend (better/worse)
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. how is risk trending and why
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. impact (a -> b)
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. result of one or more actions
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. both are composite metrics
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. start with a goal
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. what do you want to show?
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. you may be missing data
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. don’t draw conclusions your data doesn’t support
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. Storytelling How to build impactful metrics that deliver the point
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. start with a goal
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. develop a narrative
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. pre-set the conclusion
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. be ready to be wrong
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. identify the denominator
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. pick the right tool trend or impact metric
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. define your strategy
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. understand key influencers
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. identify data sources
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. collect data
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. rationalize narrative
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. is your narrative supported?
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. present your outcome
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. maintain your data set
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. refine your approach
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. Painting Masterpieces Impactful metrics that deliver outcomes
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. tips to impactful metrics
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. reasonable
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. call to action
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. rational and explainable
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. repeatable
Complexity Averted. Possibilities Realized. © 2021 Lightstream Communications. All rights reserved. stay away from BSNs
Complexity Averted. Possibilities Realized. www.lightstream.tech

Recommended

DoD Cloud Computing Strategy
DoD Cloud Computing StrategyDoD Cloud Computing Strategy
DoD Cloud Computing StrategyGovCloud Network
 
Lew Short emergency response & recovery conference
Lew Short emergency response & recovery conferenceLew Short emergency response & recovery conference
Lew Short emergency response & recovery conferenceBlackash Bushfire Consulting
 
The 5 Ps of Preparedness - Hope is Not a Strategy [1].pdf
The 5 Ps of Preparedness - Hope is Not a Strategy [1].pdfThe 5 Ps of Preparedness - Hope is Not a Strategy [1].pdf
The 5 Ps of Preparedness - Hope is Not a Strategy [1].pdfRafal Los
 
Cybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionCybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionSecPod
 
Cybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionCybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionSecPod
 
SAINTCON 21 - Of Sandcastles and Luck (Fixing Vulnerability Management)
SAINTCON 21 - Of Sandcastles and Luck (Fixing Vulnerability Management)SAINTCON 21 - Of Sandcastles and Luck (Fixing Vulnerability Management)
SAINTCON 21 - Of Sandcastles and Luck (Fixing Vulnerability Management)Rafal Los
 
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK FrameworkOutpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK FrameworkOutpost24
 
MITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE - ATT&CKcon
 

Recommended

DoD Cloud Computing Strategy
DoD Cloud Computing StrategyDoD Cloud Computing Strategy
DoD Cloud Computing StrategyGovCloud Network
 
Lew Short emergency response & recovery conference
Lew Short emergency response & recovery conferenceLew Short emergency response & recovery conference
Lew Short emergency response & recovery conferenceBlackash Bushfire Consulting
 
The 5 Ps of Preparedness - Hope is Not a Strategy [1].pdf
The 5 Ps of Preparedness - Hope is Not a Strategy [1].pdfThe 5 Ps of Preparedness - Hope is Not a Strategy [1].pdf
The 5 Ps of Preparedness - Hope is Not a Strategy [1].pdfRafal Los
 
Cybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionCybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionSecPod
 
Cybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionCybersecurity Strategies for Effective Attack Surface Reduction
Cybersecurity Strategies for Effective Attack Surface ReductionSecPod
 
SAINTCON 21 - Of Sandcastles and Luck (Fixing Vulnerability Management)
SAINTCON 21 - Of Sandcastles and Luck (Fixing Vulnerability Management)SAINTCON 21 - Of Sandcastles and Luck (Fixing Vulnerability Management)
SAINTCON 21 - Of Sandcastles and Luck (Fixing Vulnerability Management)Rafal Los
 
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK FrameworkOutpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK FrameworkOutpost24
 
MITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE ATT&CKcon Power Hour - November
MITRE ATT&CKcon Power Hour - NovemberMITRE - ATT&CKcon
 
Noi siamo Ivanti: più forti insieme!
Noi siamo Ivanti: più forti insieme! Noi siamo Ivanti: più forti insieme!
Noi siamo Ivanti: più forti insieme! Ivanti
 
Software Principles and Project Deadlines Don't have to be Polar Opposites.pdf
Software Principles and Project Deadlines Don't have to be Polar Opposites.pdfSoftware Principles and Project Deadlines Don't have to be Polar Opposites.pdf
Software Principles and Project Deadlines Don't have to be Polar Opposites.pdfCraig Saunders
 
CHAPTER 1Risk Management FundamentalsCopyright © 202
CHAPTER 1Risk Management FundamentalsCopyright © 202CHAPTER 1Risk Management FundamentalsCopyright © 202
CHAPTER 1Risk Management FundamentalsCopyright © 202EstelaJeffery653
 
How Adopting the Cloud Can Improve Your Security.
How Adopting the Cloud Can Improve Your Security.How Adopting the Cloud Can Improve Your Security.
How Adopting the Cloud Can Improve Your Security.martin_lee1969
 
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleOptimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleDenim Group
 
Enterprise Risk Analysis PowerPoint Presentation Slides
Enterprise Risk Analysis PowerPoint Presentation SlidesEnterprise Risk Analysis PowerPoint Presentation Slides
Enterprise Risk Analysis PowerPoint Presentation SlidesSlideTeam
 
Edgescan 2022 Vulnerability Statistics Report
Edgescan 2022 Vulnerability Statistics ReportEdgescan 2022 Vulnerability Statistics Report
Edgescan 2022 Vulnerability Statistics ReportEoin Keary
 
2022 Vulnerability Statistics Report.pdf
2022 Vulnerability Statistics Report.pdf2022 Vulnerability Statistics Report.pdf
2022 Vulnerability Statistics Report.pdfssuserc3d7ec1
 
Digital Cyber Risk Security Malaysia.pptx
Digital Cyber Risk Security Malaysia.pptxDigital Cyber Risk Security Malaysia.pptx
Digital Cyber Risk Security Malaysia.pptxPhilip Irode; CISA,CRISC,CISM, CBCI & ITIL v3.
 
CyberDen 2020
CyberDen 2020CyberDen 2020
CyberDen 2020Fahad Al-Hasan
 
One login enemy at the gates
One login enemy at the gatesOne login enemy at the gates
One login enemy at the gatesEoin Keary
 
Business Risk Analysis PowerPoint Presentation Slides
Business Risk Analysis PowerPoint Presentation SlidesBusiness Risk Analysis PowerPoint Presentation Slides
Business Risk Analysis PowerPoint Presentation SlidesSlideTeam
 
Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020Eoin Keary
 
neXt Curve reThink: What Meltdown & Spectre Mean for IoT Past, Present & Future?
neXt Curve reThink: What Meltdown & Spectre Mean for IoT Past, Present & Future?neXt Curve reThink: What Meltdown & Spectre Mean for IoT Past, Present & Future?
neXt Curve reThink: What Meltdown & Spectre Mean for IoT Past, Present & Future?Leonard Lee
 
Journey to the Perfect Application: Digital Transformation During a Crisis
Journey to the Perfect Application: Digital Transformation During a CrisisJourney to the Perfect Application: Digital Transformation During a Crisis
Journey to the Perfect Application: Digital Transformation During a CrisisAggregage
 
Bhagvan Kommadi [Value Momentum] | TeleHealth Platform: DevOps-Based Progress...
Bhagvan Kommadi [Value Momentum] | TeleHealth Platform: DevOps-Based Progress...Bhagvan Kommadi [Value Momentum] | TeleHealth Platform: DevOps-Based Progress...
Bhagvan Kommadi [Value Momentum] | TeleHealth Platform: DevOps-Based Progress...InfluxData
 
The 2018 Threatscape
The 2018 ThreatscapeThe 2018 Threatscape
The 2018 ThreatscapePeter Wood
 
Cyber Security at CTX15, London
Cyber Security at CTX15, LondonCyber Security at CTX15, London
Cyber Security at CTX15, LondonJohn Palfreyman
 
Energy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergySec
 
cyberready-solutions
cyberready-solutionscyberready-solutions
cyberready-solutionsNoah Kline
 
Irrational But Effective - Applying Parenthood Lessons to Cyber Security
Irrational But Effective - Applying Parenthood Lessons to Cyber SecurityIrrational But Effective - Applying Parenthood Lessons to Cyber Security
Irrational But Effective - Applying Parenthood Lessons to Cyber SecurityRafal Los
 
Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...
Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...
Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...Rafal Los
 

More Related Content

Similar to Lies, Fables and Security Metrics

Noi siamo Ivanti: più forti insieme!
Noi siamo Ivanti: più forti insieme! Noi siamo Ivanti: più forti insieme!
Noi siamo Ivanti: più forti insieme! Ivanti
 
Software Principles and Project Deadlines Don't have to be Polar Opposites.pdf
Software Principles and Project Deadlines Don't have to be Polar Opposites.pdfSoftware Principles and Project Deadlines Don't have to be Polar Opposites.pdf
Software Principles and Project Deadlines Don't have to be Polar Opposites.pdfCraig Saunders
 
CHAPTER 1Risk Management FundamentalsCopyright © 202
CHAPTER 1Risk Management FundamentalsCopyright © 202CHAPTER 1Risk Management FundamentalsCopyright © 202
CHAPTER 1Risk Management FundamentalsCopyright © 202EstelaJeffery653
 
How Adopting the Cloud Can Improve Your Security.
How Adopting the Cloud Can Improve Your Security.How Adopting the Cloud Can Improve Your Security.
How Adopting the Cloud Can Improve Your Security.martin_lee1969
 
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleOptimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleDenim Group
 
Enterprise Risk Analysis PowerPoint Presentation Slides
Enterprise Risk Analysis PowerPoint Presentation SlidesEnterprise Risk Analysis PowerPoint Presentation Slides
Enterprise Risk Analysis PowerPoint Presentation SlidesSlideTeam
 
Edgescan 2022 Vulnerability Statistics Report
Edgescan 2022 Vulnerability Statistics ReportEdgescan 2022 Vulnerability Statistics Report
Edgescan 2022 Vulnerability Statistics ReportEoin Keary
 
2022 Vulnerability Statistics Report.pdf
2022 Vulnerability Statistics Report.pdf2022 Vulnerability Statistics Report.pdf
2022 Vulnerability Statistics Report.pdfssuserc3d7ec1
 
One login enemy at the gates
One login enemy at the gatesOne login enemy at the gates
One login enemy at the gatesEoin Keary
 
Business Risk Analysis PowerPoint Presentation Slides
Business Risk Analysis PowerPoint Presentation SlidesBusiness Risk Analysis PowerPoint Presentation Slides
Business Risk Analysis PowerPoint Presentation SlidesSlideTeam
 
Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020Eoin Keary
 
neXt Curve reThink: What Meltdown & Spectre Mean for IoT Past, Present & Future?
neXt Curve reThink: What Meltdown & Spectre Mean for IoT Past, Present & Future?neXt Curve reThink: What Meltdown & Spectre Mean for IoT Past, Present & Future?
neXt Curve reThink: What Meltdown & Spectre Mean for IoT Past, Present & Future?Leonard Lee
 
Journey to the Perfect Application: Digital Transformation During a Crisis
Journey to the Perfect Application: Digital Transformation During a CrisisJourney to the Perfect Application: Digital Transformation During a Crisis
Journey to the Perfect Application: Digital Transformation During a CrisisAggregage
 
Bhagvan Kommadi [Value Momentum] | TeleHealth Platform: DevOps-Based Progress...
Bhagvan Kommadi [Value Momentum] | TeleHealth Platform: DevOps-Based Progress...Bhagvan Kommadi [Value Momentum] | TeleHealth Platform: DevOps-Based Progress...
Bhagvan Kommadi [Value Momentum] | TeleHealth Platform: DevOps-Based Progress...InfluxData
 
The 2018 Threatscape
The 2018 ThreatscapeThe 2018 Threatscape
The 2018 ThreatscapePeter Wood
 
Cyber Security at CTX15, London
Cyber Security at CTX15, LondonCyber Security at CTX15, London
Cyber Security at CTX15, LondonJohn Palfreyman
 
Energy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergySec
 
cyberready-solutions
cyberready-solutionscyberready-solutions
cyberready-solutionsNoah Kline
 

Similar to Lies, Fables and Security Metrics (20)

Noi siamo Ivanti: più forti insieme!
Noi siamo Ivanti: più forti insieme! Noi siamo Ivanti: più forti insieme!
Noi siamo Ivanti: più forti insieme!
 
Software Principles and Project Deadlines Don't have to be Polar Opposites.pdf
Software Principles and Project Deadlines Don't have to be Polar Opposites.pdfSoftware Principles and Project Deadlines Don't have to be Polar Opposites.pdf
Software Principles and Project Deadlines Don't have to be Polar Opposites.pdf
 
CHAPTER 1Risk Management FundamentalsCopyright © 202
CHAPTER 1Risk Management FundamentalsCopyright © 202CHAPTER 1Risk Management FundamentalsCopyright © 202
CHAPTER 1Risk Management FundamentalsCopyright © 202
 
How Adopting the Cloud Can Improve Your Security.
How Adopting the Cloud Can Improve Your Security.How Adopting the Cloud Can Improve Your Security.
How Adopting the Cloud Can Improve Your Security.
 
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleOptimizing Security Velocity in Your DevSecOps Pipeline at Scale
Optimizing Security Velocity in Your DevSecOps Pipeline at Scale
 
Enterprise Risk Analysis PowerPoint Presentation Slides
Enterprise Risk Analysis PowerPoint Presentation SlidesEnterprise Risk Analysis PowerPoint Presentation Slides
Enterprise Risk Analysis PowerPoint Presentation Slides
 
Edgescan 2022 Vulnerability Statistics Report
Edgescan 2022 Vulnerability Statistics ReportEdgescan 2022 Vulnerability Statistics Report
Edgescan 2022 Vulnerability Statistics Report
 
2022 Vulnerability Statistics Report.pdf
2022 Vulnerability Statistics Report.pdf2022 Vulnerability Statistics Report.pdf
2022 Vulnerability Statistics Report.pdf
 
Digital Cyber Risk Security Malaysia.pptx
Digital Cyber Risk Security Malaysia.pptxDigital Cyber Risk Security Malaysia.pptx
Digital Cyber Risk Security Malaysia.pptx
 
CyberDen 2020
CyberDen 2020CyberDen 2020
CyberDen 2020
 
One login enemy at the gates
One login enemy at the gatesOne login enemy at the gates
One login enemy at the gates
 
Business Risk Analysis PowerPoint Presentation Slides
Business Risk Analysis PowerPoint Presentation SlidesBusiness Risk Analysis PowerPoint Presentation Slides
Business Risk Analysis PowerPoint Presentation Slides
 
Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020Edgescan vulnerability stats report 2020
Edgescan vulnerability stats report 2020
 
neXt Curve reThink: What Meltdown & Spectre Mean for IoT Past, Present & Future?
neXt Curve reThink: What Meltdown & Spectre Mean for IoT Past, Present & Future?neXt Curve reThink: What Meltdown & Spectre Mean for IoT Past, Present & Future?
neXt Curve reThink: What Meltdown & Spectre Mean for IoT Past, Present & Future?
 
Journey to the Perfect Application: Digital Transformation During a Crisis
Journey to the Perfect Application: Digital Transformation During a CrisisJourney to the Perfect Application: Digital Transformation During a Crisis
Journey to the Perfect Application: Digital Transformation During a Crisis
 
Bhagvan Kommadi [Value Momentum] | TeleHealth Platform: DevOps-Based Progress...
Bhagvan Kommadi [Value Momentum] | TeleHealth Platform: DevOps-Based Progress...Bhagvan Kommadi [Value Momentum] | TeleHealth Platform: DevOps-Based Progress...
Bhagvan Kommadi [Value Momentum] | TeleHealth Platform: DevOps-Based Progress...
 
The 2018 Threatscape
The 2018 ThreatscapeThe 2018 Threatscape
The 2018 Threatscape
 
Cyber Security at CTX15, London
Cyber Security at CTX15, LondonCyber Security at CTX15, London
Cyber Security at CTX15, London
 
Energy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber ResiliencyEnergy Industry Organizational Strategies to Increase Cyber Resiliency
Energy Industry Organizational Strategies to Increase Cyber Resiliency
 
cyberready-solutions
cyberready-solutionscyberready-solutions
cyberready-solutions
 

More from Rafal Los

Irrational But Effective - Applying Parenthood Lessons to Cyber Security
Irrational But Effective - Applying Parenthood Lessons to Cyber SecurityIrrational But Effective - Applying Parenthood Lessons to Cyber Security
Irrational But Effective - Applying Parenthood Lessons to Cyber SecurityRafal Los
 
Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...
Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...
Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...Rafal Los
 
Losing battles, winning wars
Losing battles, winning warsLosing battles, winning wars
Losing battles, winning warsRafal Los
 
5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013
5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 20135 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013
5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013Rafal Los
 
Operationalizing Security Intelligence [ InfoSec World 2014 ]
Operationalizing Security Intelligence [ InfoSec World 2014 ]Operationalizing Security Intelligence [ InfoSec World 2014 ]
Operationalizing Security Intelligence [ InfoSec World 2014 ]Rafal Los
 
Operationalizing security intelligence for the mid market - Rafal Los - RSA C...
Operationalizing security intelligence for the mid market - Rafal Los - RSA C...Operationalizing security intelligence for the mid market - Rafal Los - RSA C...
Operationalizing security intelligence for the mid market - Rafal Los - RSA C...Rafal Los
 
Rebooting the Enterprise Security Program for Defensibility - ISSA Internatio...
Rebooting the Enterprise Security Program for Defensibility - ISSA Internatio...Rebooting the Enterprise Security Program for Defensibility - ISSA Internatio...
Rebooting the Enterprise Security Program for Defensibility - ISSA Internatio...Rafal Los
 
Cloud Security Alliance- Challanges of an elastic environment v8a [public]
Cloud Security Alliance- Challanges of an elastic environment v8a [public]Cloud Security Alliance- Challanges of an elastic environment v8a [public]
Cloud Security Alliance- Challanges of an elastic environment v8a [public]Rafal Los
 
Threat modeling the security of the enterprise
Threat modeling the security of the enterpriseThreat modeling the security of the enterprise
Threat modeling the security of the enterpriseRafal Los
 
Making Measurable Gains - Contextualizing 'Secure' in Business
Making Measurable Gains - Contextualizing 'Secure' in BusinessMaking Measurable Gains - Contextualizing 'Secure' in Business
Making Measurable Gains - Contextualizing 'Secure' in BusinessRafal Los
 
Security BSides Atlanta - "The Business Doesn't Care..."
Security BSides Atlanta - "The Business Doesn't Care..."Security BSides Atlanta - "The Business Doesn't Care..."
Security BSides Atlanta - "The Business Doesn't Care..."Rafal Los
 
Software Security Assurance - Program Building (You're going to need a bigger...
Software Security Assurance - Program Building (You're going to need a bigger...Software Security Assurance - Program Building (You're going to need a bigger...
Software Security Assurance - Program Building (You're going to need a bigger...Rafal Los
 
The Future of Software Security Assurance
The Future of Software Security AssuranceThe Future of Software Security Assurance
The Future of Software Security AssuranceRafal Los
 
Defying Logic - Business Logic Testing with Automation
Defying Logic - Business Logic Testing with AutomationDefying Logic - Business Logic Testing with Automation
Defying Logic - Business Logic Testing with AutomationRafal Los
 
Ultimate Hack! Layers 8 & 9 of the OSI Model
Ultimate Hack! Layers 8 & 9 of the OSI ModelUltimate Hack! Layers 8 & 9 of the OSI Model
Ultimate Hack! Layers 8 & 9 of the OSI ModelRafal Los
 
Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)
Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)
Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)Rafal Los
 
Oh No They Didn't! 7 Web App Security Stories (v1.0)
Oh No They Didn't! 7 Web App Security Stories (v1.0)Oh No They Didn't! 7 Web App Security Stories (v1.0)
Oh No They Didn't! 7 Web App Security Stories (v1.0)Rafal Los
 
The QA Analyst's Hacker's Landmark Tour v3.0
The QA Analyst's Hacker's Landmark Tour v3.0The QA Analyst's Hacker's Landmark Tour v3.0
The QA Analyst's Hacker's Landmark Tour v3.0Rafal Los
 
Magic Numbers - 5 KPIs for Measuring SSA Program Success v1.3.2
Magic Numbers - 5 KPIs for Measuring SSA Program Success v1.3.2Magic Numbers - 5 KPIs for Measuring SSA Program Success v1.3.2
Magic Numbers - 5 KPIs for Measuring SSA Program Success v1.3.2Rafal Los
 
Sans Feb 2010 - When Web 2 0 Attacks v3.3
Sans Feb 2010 - When Web 2 0 Attacks v3.3Sans Feb 2010 - When Web 2 0 Attacks v3.3
Sans Feb 2010 - When Web 2 0 Attacks v3.3Rafal Los
 

More from Rafal Los (20)

Irrational But Effective - Applying Parenthood Lessons to Cyber Security
Irrational But Effective - Applying Parenthood Lessons to Cyber SecurityIrrational But Effective - Applying Parenthood Lessons to Cyber Security
Irrational But Effective - Applying Parenthood Lessons to Cyber Security
 
Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...
Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...
Strategies and Tactics for Effectively Managing Vulnerabilities in Diverse En...
 
Losing battles, winning wars
Losing battles, winning warsLosing battles, winning wars
Losing battles, winning wars
 
5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013
5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 20135 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013
5 Things CFOs Need to Know About Enterprise Security - HP CFO Summit 2013
 
Operationalizing Security Intelligence [ InfoSec World 2014 ]
Operationalizing Security Intelligence [ InfoSec World 2014 ]Operationalizing Security Intelligence [ InfoSec World 2014 ]
Operationalizing Security Intelligence [ InfoSec World 2014 ]
 
Operationalizing security intelligence for the mid market - Rafal Los - RSA C...
Operationalizing security intelligence for the mid market - Rafal Los - RSA C...Operationalizing security intelligence for the mid market - Rafal Los - RSA C...
Operationalizing security intelligence for the mid market - Rafal Los - RSA C...
 
Rebooting the Enterprise Security Program for Defensibility - ISSA Internatio...
Rebooting the Enterprise Security Program for Defensibility - ISSA Internatio...Rebooting the Enterprise Security Program for Defensibility - ISSA Internatio...
Rebooting the Enterprise Security Program for Defensibility - ISSA Internatio...
 
Cloud Security Alliance- Challanges of an elastic environment v8a [public]
Cloud Security Alliance- Challanges of an elastic environment v8a [public]Cloud Security Alliance- Challanges of an elastic environment v8a [public]
Cloud Security Alliance- Challanges of an elastic environment v8a [public]
 
Threat modeling the security of the enterprise
Threat modeling the security of the enterpriseThreat modeling the security of the enterprise
Threat modeling the security of the enterprise
 
Making Measurable Gains - Contextualizing 'Secure' in Business
Making Measurable Gains - Contextualizing 'Secure' in BusinessMaking Measurable Gains - Contextualizing 'Secure' in Business
Making Measurable Gains - Contextualizing 'Secure' in Business
 
Security BSides Atlanta - "The Business Doesn't Care..."
Security BSides Atlanta - "The Business Doesn't Care..."Security BSides Atlanta - "The Business Doesn't Care..."
Security BSides Atlanta - "The Business Doesn't Care..."
 
Software Security Assurance - Program Building (You're going to need a bigger...
Software Security Assurance - Program Building (You're going to need a bigger...Software Security Assurance - Program Building (You're going to need a bigger...
Software Security Assurance - Program Building (You're going to need a bigger...
 
The Future of Software Security Assurance
The Future of Software Security AssuranceThe Future of Software Security Assurance
The Future of Software Security Assurance
 
Defying Logic - Business Logic Testing with Automation
Defying Logic - Business Logic Testing with AutomationDefying Logic - Business Logic Testing with Automation
Defying Logic - Business Logic Testing with Automation
 
Ultimate Hack! Layers 8 & 9 of the OSI Model
Ultimate Hack! Layers 8 & 9 of the OSI ModelUltimate Hack! Layers 8 & 9 of the OSI Model
Ultimate Hack! Layers 8 & 9 of the OSI Model
 
Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)
Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)
Into the Rabbithole - Evolved Web App Security Testing (OWASP AppSec DC)
 
Oh No They Didn't! 7 Web App Security Stories (v1.0)
Oh No They Didn't! 7 Web App Security Stories (v1.0)Oh No They Didn't! 7 Web App Security Stories (v1.0)
Oh No They Didn't! 7 Web App Security Stories (v1.0)
 
The QA Analyst's Hacker's Landmark Tour v3.0
The QA Analyst's Hacker's Landmark Tour v3.0The QA Analyst's Hacker's Landmark Tour v3.0
The QA Analyst's Hacker's Landmark Tour v3.0
 
Magic Numbers - 5 KPIs for Measuring SSA Program Success v1.3.2
Magic Numbers - 5 KPIs for Measuring SSA Program Success v1.3.2Magic Numbers - 5 KPIs for Measuring SSA Program Success v1.3.2
Magic Numbers - 5 KPIs for Measuring SSA Program Success v1.3.2
 
Sans Feb 2010 - When Web 2 0 Attacks v3.3
Sans Feb 2010 - When Web 2 0 Attacks v3.3Sans Feb 2010 - When Web 2 0 Attacks v3.3
Sans Feb 2010 - When Web 2 0 Attacks v3.3
 

Recently uploaded

Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 

Recently uploaded (20)

Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 

Lies, Fables and Security Metrics