CISO Series offers podcasts and resources for cybersecurity professionals. In a recent episode, host David Spark and guest Nathan Hunstad discussed the importance of framing security metrics as narratives to engage businesses, emphasizing metrics tied to business objectives rather than traditional ones like MTTD/MTTR. They argued against the effectiveness of phishing tests that can stress employees while failing to enhance security culture. They also critiqued many pentests as mere vulnerability scans, advocating for engaging, impactful testing that demonstrates real-world risks. The episode encourages a collaborative approach to security metrics and testing, highlighting the importance of aligning them with business outcomes.
https://cisoseries.com/are-you-implying-this-line-graph-isnt-a-compelling-cybersecurity-narrative/