
Post on 21-May-2020


Copyright MKA Cyber © 2017. All rights reserved.

Getting the Board’s Buy-In Through SOC Metrics

Mischel Kwon, CEO, MKACyber


Not your average Data Center IT anymore…


Current Cyber Threats


Current Cyber Attacks


Change in Use – Change in Risk

• Digital Revenue
• Societal Use
  - Social Media
  - New Outlets
  - Elections
• Operational IT
  - Medical Devices
  - Transportation
  - Communication
• Cloud and Outsourced Application
• Mobile Devices and BYOD
• Supply Chain
  - Chips
• Communications
• Data Storage and Processing
• In House Applications
• Desktops
• Data Centers


What Makes you Vulnerable – Why?

• Lack of Threat Understanding
• Lack of Visibility
• Lack of Patching
• Weak Security Controls
• Antiquated Technology
• Unclear Cloud Role
• Un-managed Outsourced Applications
• Poor Code
• Supply Chain
• Staffing
• Methodology
• Technology
• Tooling
• Relationships
• Contracts

How Do We Fix This?


Embracing the “C” level


Business Hierarchy, Priorities, Communication

BOARD OF DIRECTORS

BUSINESS UNIT

CIO / CISO

TECHNICAL MANAGEMENT

CEO


Business Unit Leader’s Priorities

RISK MANAGEMENT

PROFITABILITY ANALYSIS

FORECASTING

BUSINESS INTELLIGENCE

PERFORMANCE MANAGEMENT

BUSINESS UNIT

BUDGETING

STRATEGIC PLANNING


Statistics vs. Metrics

• Metrics are NO longer time to deliver, SLA-based
• Metrics should be a contribution to the P&L
• Metrics should always tie back to the balance sheet

STATISTICS

• Statistics capture the current status of what you are measuring

METRICS

• Metrics tell the story of how well what you are measuring is performing


Being a Participating Member of the Business Leadership Team

Be a Business Unit Leader

Show cost efficiency

Solution delivery remediation

High performing, transparent team

Just right – organized data, tooling, staff – just in time

Business goal


Organize, Automate, Report, Improve, Protect


Mischel Kwon

CEO, MKACyber

Over 35 years of experience in application development, network architecture and implementation, and building and managing Security Operations Centers (SOC).

Former, Head of US-CERT

Former, Chief IT Security Technologist, Department of Justice

Founder, Cybersecurity Diversity Foundation
