On the latest episode of the Vigilance podcast, I had the pleasure of speaking with Jim Routh. Jim is a renowned cybersecurity expert with a wealth of experience, including:
— Serving as CISO at six different organizations
— Board memberships at FS-ISAC and H-ISAC
— Advisory roles with cybersecurity and IT companies
— Teaching cybersecurity at NYU
— Mentoring CISOs
He brings unique insights to the conversation through his expertise in:
— Applying risk management discipline to global enterprises
— Designing security controls using innovation and data science
During our discussion, Jim shared a powerful perspective on decision-making for CISOs:
Better decisions stem from facts. While facts are becoming increasingly elusive in today’s world, they are non-negotiable for cybersecurity experts. KPIs are fact-based and provide a clear picture of reality by design.
KPIs:
— Measure progress at a specific moment in time
— Help you make informed decisions and take action
When a KPI indicates a process is performing optimally, no action is needed. But when the results fall short, it's time for change. This is an opportunity to discuss improvements and support the process owner. By helping them implement necessary changes, we enhance security. KPIs help us rally stakeholders to avoid acting based on speculation.
This approach ensures that:
— Efforts are grounded in reality
— Resources are allocated effectively
— The right actions are prioritized
In a world where facts are often obscured, KPIs provide clarity.