This event has ended. Create your own event → Check it out
This event has ended. Create your own
View analytic
Sunday, April 19 • 12:00pm - 1:00pm
No More Fudge Factors and Made-up Shit: Performance Numbers That Mean Something

Sign up or log in to save this to your schedule and see who's attending!

This talk isn’t about security. It’s about how any security team can measure and improve its overall performance, and also better satisfy your non-technical bosses and clients. Besides “are we secure?”, bosses want to know “is the team performing well?” At some point, you’ll probably be asked for a scorecard or dashboard – “and make it simple”. Maybe you've already tried to create a scoring spreadsheet only to find that it's full of fudge factors, incomprehensible formulas, or made-up shit. There is a better way. This session presents a credible and powerful method – the Thomas Scoring System (TSS) -- to estimate an aggregate performance index from a grab bag of ground-truth metrics and evidence. TSS can help you present solid, defensible metrics to the bosses, and it can also help your team learn what really drives performance and how to improve. Several case studies will be demonstrated: Vendor Risk Assessment, Vulnerability Management, and Security Operations. TSS is Creative Commons and open source. Excel and R+Shiny tools will be released.

avatar for Russell Cameron Thomas

Russell Cameron Thomas

Data Scientist, PhD candidate, A financial firm
Russell is Security Data Scientist at a Large Financial Firm and a PhD student in Computational Social Science at George Mason University. He's been involved with security metrics and risk analysis since 2007. He has a few decades of experience in the Information Technology sector, including engineer, manager, and consultant, working in design, manufacturing, marketing, IT, and strategy functions. He has a BS in electrical engineering and... Read More →

Sunday April 19, 2015 12:00pm - 1:00pm

Attendees (27)