Jun 29, 2022
Dale Peterson interviewed Richard Seiersen, author of the new book
The Metrics Manifesto: Confronting Security With Data.
- For security controls - what would I see that would show me it
is working? How do I measure the effectiveness and efficiency of my
- Why is so much of the book code, and can the book be valuable
if you don't go through the code?
- A lot of time spent on categories of metrics: burndown and
survival, arrival and escapes, and wait time
- Most of the examples in the book are vuln prevention and
remediation ... how will the statistics deal with increases due to
SBOMs? ... how to address vulnerabilities with very different
- How to address the CISO wanting a single dashboard with OT and
IT metrics with very different risk related to those metrics?
- The concept of value of / return on control and how some CISOs
are dealing with cyber risk
- Using SME beliefs as data
- and a lot more