Ending Soon: Get a MacBook Air or Surface Pro 7 with 5 or 6 Day Training - Best Offers of the Year!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Improving the Bottom Line with Effective Security Metrics: A SANS Survey

  • Wednesday, August 12, 2020 at 1:00 PM EDT (2020-08-12 17:00:00 UTC)
  • Barbara Filkins, John Pescatore


  • Cisco Systems Inc.
  • Code42
  • ThreatConnect

You can now attend the webcast using your mobile device!



In SANS surveys, CISOs consistently report their major obstacle is the inability to obtain management commitment to increase cybersecurity resources and investment. Not surprisingly, a high percentage of CISOs also report that security teams do not collect and present security metrics with any meaningful connections to the business mission and goals. If you cant express the effectiveness and efficiency of your cybersecurity program, how can you ever convince management to increase the organizations investment in cybersecurity?

This webcast will present the results of a SANS survey with both quantitative results about the overall state of metrics across cybersecurity operations, as well as interview-based qualitative results detailing success stories and best practices of security teams who have been collecting and presenting business-relevant security metrics.

Attendees will learn:

  • Which metrics are used most frequently to track, measure and report on the status of security efforts
  • Which metrics are meaningful for tactical operational decisions as well as communicating risk reduction and exposures in business meaningful terms
  • How organizations define the metrics they use
  • What data sources provide the best basis for establishing metrics

Register today to among the first to receive the associated whitepaper written by SANS Analyst Program Research Director Barbara Filkins with advice from SANS Director of Emerging Security Trends John Pescatore.

Click here to register for a companion webcast focusing on real-world examples of security metrics in action on Wednesday, August 19, 2020 at 1 PM Eastern.

Speaker Bios

Barbara Filkins

Barbara Filkins, SANS Analyst Program Research Director, holds several SANS certifications, including the GSEC, GCIH, GCPM, GLEG and GICSP, the CISSP, and an MS in information security management from the SANS Technology Institute. She has done extensive work in system procurement, vendor selection and vendor negotiations as a systems engineering and infrastructure design consultant. Barbara focuses on issues related to automation—privacy, identity theft and exposure to fraud, plus the legal aspects of enforcing information security in today’s mobile and cloud environments, particularly in the health and human services industry, with clients ranging from federal agencies to municipalities and commercial businesses.

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013 after more than 13 years as lead security analyst for Gartner, running consulting groups at Trusted Information Systems and Entrust, 11 years with GTE, and service with both the National Security Agency, where he designed secure voice systems, and the U.S. Secret Service, where he developed secure communications and surveillance systems and "the occasional ballistic armor installation." John has testified before Congress about cybersecurity, was named one of the 15 most-influential people in security in 2008 and is an NSA-certified cryptologic engineer.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.