BSides London 2025

You scored 46
2025-12-13, Track 3

OUT OF WHAT?

The business, the world, your boss, your client, want you to tell them that they are not going to be the next headline, they are not going to be hacked, they are safe, that the money that they have spent on cyber security has delivered them from the cyber evils of the world.

So yes, 46.

That's a number, right? Metrics and certainty in an uncertain world - businesses run on metrics, cyber security runs on caffeine.

How do you know your security is right?
How do you know that you are getting your money's worth?
How do you justify your existence?

So let's look at it, strip away PowerPoint, bell curves and NPS scores, and figure out what matters and how to tell people that yes, they scored 46 out of "it depends"...


When we are bombarded with metrics from vendors, from news, from insurance companies, how do we make sense of it all?

Cyber Security Professionals are there to protect the business, but how do you distil this into a number that makes sense to the business?

If you are getting a service from a vendor - how do you know what they should be reporting? Is it true - is it snake oil?

Bad goals and metrics = bad outcomes

If your team doesn't seem happy - are they just grumpy or is there a problem?

Have you bought the silver bullet of security controls or have you been sold a lemon?

When you don't understand the numbers, how they are made, or what the jargon means, is there any point in looking at that graph?

This talk looks at numbers, goals, metrics and statistics from the viewpoint of a vendor, a customer and a cyber security professional.

TLDR - we need to do better.

A Cyber Security and IT Professional with over 25 years' experience in helping build and protect organisations and the people that work in them.
A self-admitted geek, who still finds wonder in things, I try to be a doer of good deeds.

Current and previous roles include:
Co-Founder - Damn Good Security Ltd - cyber security consultancy and managed services for companies of all sizes.
Cyber Security Operations Director @ National Grid / National Gas
Head of Managed Security Services, Quorum Cyber
Principal Consultant in Managed Services, Senior Technical Consultant, and Senior Incident Responder

Co-Founder - Hack Thursday - Cyber community meet up group for the central belt of Scotland.
Co-Founder - Hack Glasgow - Scotland's annual community led Cyber Security Conference

Volunteer, Presenter, MC and Mentor at various events and levels from student events through to customer, professional and CISO panels.
As a way of contributing and helping the cyber community I regularly volunteer for cyber groups, as a mentor to new speakers, panel member on cyber discussions, conference volunteer and as a presenter covering Keynotes, technical talks, Leadership and career topics.

Contributing Author: 97 Things Every Information Security Professional Should Know

Interesting Note: Nobody has ever seen Batman and David in the same room at the same time.