
This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Quantifying Security Performance: The Why, What and How of Security Ratings

  • Tuesday, October 28, 2014 at 1:00 PM EDT (2014-10-28 17:00:00 UTC)
  • Stephen Boyer, John Pescatore


  • Bitsight




Quantifying security performance can be a tricky thing. When your board wants to know whether you are more or less secure than your peers and competitors, what do you tell them? Better yet, what metrics do you show them? And what if you're tasked with assessing vendor security risk? What metrics do you use to provide an objective and consistent assessment, and how do you maintain any performance assessment on a continuous basis?

This is where Security Ratings, a powerful, data-driven, performance assessment solution, have come into play. Join this SANS webinar in the Ask the Experts series, featuring analyst John Pescatore and Stephen Boyer, CTO and co-founder of BitSight Technologies, for a discussion around:

  • The challenges associated with quantifying security performance in a risk management program
  • The value of looking at performance trends beyond the company walls and using data to learn from issues occurring in your industry and in peer networks
  • How companies are using Security Ratings to address issues such as benchmarking security performance and managing vendor and portfolio risk
  • A live demo of the BitSight Security Ratings Customer Portal and overview of the ratings process

Speaker Bios

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013. He has 35 years of experience in computer, network and information security. Prior to joining the SANS Institute, Mr. Pescatore was Gartner's lead security analyst for 13 years, working with global 5000 corporations and major technology and service providers. Before joining Gartner, Mr. Pescatore was Senior Consultant for Entrust Technologies and Trusted Information Systems, where he started, grew and managed security consulting groups focusing on firewalls, network security, encryption and Public Key Infrastructures. Prior to that, Mr. Pescatore spent 11 years with GTE developing secure computing and telecommunications systems. Mr. Pescatore began his career at the National Security Agency, where he designed secure voice systems, and the United States Secret Service, where he developed secure communications and surveillance systems. He holds a Bachelor's degree in Electrical Engineering from the University of Connecticut and is an NSA Certified Cryptologic Engineer. He is also an Extra class amateur radio operator, callsign K3TN.

Stephen Boyer

Stephen cofounded BitSight in 2011 and serves as Chief Technology Officer. Prior to founding BitSight, Stephen was President and Cofounder of Saperix, a company spun out of the MIT Lincoln Laboratory focused on vulnerability and network topology risk analysis. Saperix was acquired by FireMon in 2011.

While at the MIT Lincoln Laboratory, Stephen was a member of the Cyber Systems and Technology Group where he led R&D programs solving large-scale national cybersecurity problems. His work at the MIT Lincoln Laboratory included research, development, and evaluation of next generation intrusion detection correlation architectures, attack graph vulnerability analysis, large-scale cyber situational awareness, security risk measurement, and cyber simulation and testing.

Prior to joining the MIT Lincoln Laboratory, Stephen designed, developed, and tested products at one of the earliest Linux startup companies, Caldera Systems. Stephen holds a Bachelor's degree in Computer Science from Brigham Young University and a Master of Science in Engineering and Management from the Massachusetts Institute of Technology.
