Size Doesnt Matter Metrics and Other Four Letter Security Words

You are here. No really, you are here. But how do you know where here is? How do you know if you're better or worse than your industry counterparts? Maintaining an effective security program requires focus on metrics and frameworks as a backdrop to narrate a larger story about the threat landscape and your organization. My talk will focus in on how to get started on security metrics fundamentals, use of frameworks such as CSF and CSC20 and how to translate this into business language so everyone from a sysadmin to the C-Suite can understand. Jim Menkevich is an Information Security, Privacy and Risk Management professional with 17+ years of experience. Through his career he has lead teams in Cybersecurity, Enterprise Architecture, Systems Integration and Application Development. Jim specializes in applying methodologies, frameworks and ideas outside of the intended domain which generate new and fresh angles to address industry challenges. When he's not working, Jim enjoys writing poetry, running and spending time with his family. Jim is currently the Director of Data Protection and Security Governance at Health Partners Plans in Philadelphia. Jim Menkevich @JimMenkevich