Building Better Security Metrics

Presented at Blue Team Con 2022, Aug. 27, 2022, 3:40 p.m. (50 minutes).

Let’s face it: most of us don’t like gathering and reporting metrics. But the boss says “that which isn’t measured isn’t managed.” Of course, there’s the problem of users gaming metrics to paint unrealistic pictures for stakeholders. Good metrics should serve as a heuristic that lets stakeholders understand a situation at a high level without needing to understand all the nuance of how the sausage is made. In other words, metrics should tell a story. Since you’ll be generating security metrics anyway, shouldn’t they tell the right story?

Beyond the obvious justification of “management says you have to,” as an aspiring security leader you should be self-motivated to create and deliver better metrics. If there’s one thing leadership abhors, it’s uncertainty. Better metrics don’t eliminate uncertainty, but they do promote better understanding, leading to better evaluation of risk.

In this presentation, you’ll learn the principles of generating compelling metrics. We’ll then cover examples of easy-to-gather metrics across a range of security disciplines, including SOC, cyber threat intelligence, threat hunting, and incident response. Come learn how to level up your metrics game in this session!


Presenters:

  • Jake Williams - Director of Cyber Threat Intelligence, SCYTHE
    Jake Williams, an information security consultant and Director of Cyber Threat Intelligence at SCYTHE, has two decades of experience in secure network design, penetration testing, incident response, forensics and malware reverse engineering. Williams was a founding member of both BreachQuest and Rendition Infosec and worked with various government agencies in information security over nearly 18 years. Williams is an IANS Faculty Member and works as a SANS Analyst. He is a prolific speaker on topics in information security and has trained thousands of people on incident response, red team operations, reverse engineering, cyber threat intelligence, and other information security topics. Jake is the two-time winner of the DC3 Digital Forensics Challenge, a recipient of the DoD Exceptional Civilian Service Award, and is one of only a handful of people to ever be certified as Master Network Exploitation Operator by the US Government.
