What Gets Measured Gets Done
Water, water everywhere, nor any drop to drink. That quote from Coleridge’s The Rime of the Ancient Mariner aptly describes the situation with cyber metrics: we are awash in data yet have trouble measuring cybersecurity, particularly at the national level. This talk will discuss this long-standing problem and how national governments could address it. The discussion will cover what makes for good metrics, which ones would be both informative and practical in the cybersecurity context, and how decision-makers could use them to inform choices at the national level. It will also lay out some good news for cyber defenders when you start looking at some the proposed metrics. While measuring cybersecurity precisely may be impossible, metrics can make national decision-making processes better.
Michael Daniel – Cyber Threat Alliance
Michael Daniel serves as the President & CEO of the Cyber Threat Alliance (CTA), a not-for-profit membership association that enables cyber threat information sharing among cybersecurity organizations. Prior to CTA, Michael served as US Cybersecurity Coordinator from 2012 to 2017, leading US cybersecurity policy development both domestically and internationally, facilitating US government partnerships with the private sector, and coordinating significant incident response activities. From 1995 to 2012, Michael worked for the Office of Management and Budget, overseeing funding for the U.S. Intelligence Community. Michael also works with the private sector Ransomware Task Force, Aspen Cybersecurity Group, the World Economic Forum’s Global Future Council on Cybersecurity and the Partnership Against Cybercrime, and other organizations improving cybersecurity in the digital ecosystem. In his spare time, he enjoys running and martial arts.