Hashtag Realtalk with Aaron Bregg
Welcome to my little corner of the Internet!
In this channel I give 'real talk' about information security and technologies that impact both your business and personal lives. I try to focus on issues and items that can help you become more 'security curious'. The ultimate goal is to help protect your personal and professional well-being.
Employer Disclaimer - The opinions and views expressed in the podcast are not necessarily the views of my current employer, Corewell Health.
Legal Disclaimer - All of the security advice that I give is 'as is' and does not constitute real paid professional advice. As with everything security related, please seek second opinions from paid professionals.
Episode 42 - Lessons Learned: Security Metrics
In this episode I talk with Jim Kuiphof and Aaron Silver from Spectrum Health Information Security. We take a look at the last 5 years of the security program to glean some lessons learned about Security Metrics.
Talking Points:
There are three key principles in any security metrics program:
- It’s a Journey - You are going to have to be OK with taking a faceplant at first before you can mature and get quality metrics. Think of metrics as a ‘lifecycle’.
- The ‘Why’ - What is the problem you are trying to solve, e.g. how to effect change from your metrics? (Not getting numbers just to get numbers.)
- Build Partnerships - It’s a team effort. Invite help. Don’t do this in a vacuum. The first time a director sees a metric shouldn’t be in an all director meeting. Shaming isn’t going to help your cause.