build - measure - learn


Measuring security isn't easy. There's a lot of building going on but we need to close a build-measure-learn loop in order to make sustainable progress.

How can we credibly argue for security investments, unless we quantify the current and desired future state? Metrics should be collectable, robust and meaningful. What do you wish to communicate? Base your narrative on facts that are relevant for stakeholders.

Without trying, it won't happen. Find a couple of simple metrics and start measuring now.

No comments: