The right metrics empower teams to communicate cross-functionally, and help educate other departments about what’s important and how things are getting better (or worse) over time. As a security leader you may also be able to show new metrics that demonstrate that your organization is not only mitigating risk, but also helping drive sales. This will make your security org quite a bit more popular with go-to-market folks and business-minded engineering leaders. This type of thinking helps you break people out of the “security is a cost center” mindset. Demonstrating that you’re helping the company’s top line helps get you more funding for next year, or in today’s economy–protect what you already have.
This blog was featured in the 162nd tl;dr sec and the 361st Unsupervised Listening newsletters.