security metrics

Cyber resilience metrics that drive action

2026-06-10 at 09:55 By Help Net Security

In this Help Net Security video, Pete Bowers, COO at NormCyber, explains how organizations can build a cyber resilience metrics program that supports better decisions. He questions common ways of measuring resilience, such as risk registers, tool scores, and annual tests, and […]


Stop building security goals around controls

2026-03-18 at 09:27 By Mirko Zorz

In this Help Net Security interview, Devin Rudnicki, CISO at Fitch Group, argues that security strategy fails when it loses its connection to business outcomes. Rudnicki walks through how to align security goals with corporate priorities, why CISOs must present risk in terms


Cybersecurity spending keeps rising, so why is business impact still hard to explain?

2026-01-15 at 07:28 By Anamarija Pogorelec

Cybersecurity budgets keep climbing, but many security leaders still struggle to explain what that spending delivers to the business. A new study by Expel examines that disconnect through a survey of security and finance executives at


Turning cyber metrics into decisions leaders can act on

2026-01-13 at 09:01 By Help Net Security

In this Help Net Security video, Bryan Sacks, Field CISO at Myriad360, explains how security leaders can measure cybersecurity in ways that matter to executives and boards. He argues that metrics should support decisions, not exist for reporting alone.


Prometheus: Open-source metrics and monitoring systems and services

2025-12-15 at 08:43 By Anamarija Pogorelec

Prometheus is an open-source monitoring and alerting system built for environments where services change often and failures can spread fast. For security teams and DevOps engineers, it has become a common way to track system behavior, spot early warning signs, and


The collapse of trust at the identity layer

2025-12-02 at 07:49 By Anamarija Pogorelec

Identity verification has become the latest front in the fight against industrialized fraud, according to a new report from Regula. The shift is visible across sectors that once relied on predictable verification routines. Criminals have learned to target the identity step


What zero trust looks like when you build it step by step

2025-12-01 at 08:36 By Help Net Security

In this Help Net Security video, Jonathan Edwards, Managing Director at KeyData Cyber, walks us through what practical zero trust adoption looks like in stages. He explains why he dislikes the term itself, then shifts to


How board members think about cyber risk and what CISOs should tell them

2025-11-26 at 07:11 By Help Net Security

In this Help Net Security video, Jonathan Trull, EVP & CISO at Qualys, discusses which cybersecurity metrics matter most to a board of directors. Drawing on more than two decades in the field, he explains


AI is forcing boards to rethink how they govern security

2025-11-12 at 10:44 By Anamarija Pogorelec

Boards are spending more time on cybersecurity but still struggle to show how investments improve business performance. The focus has shifted from whether to fund protection to how to measure its return and ensure it supports growth. AI, automation,


Six metrics policymakers need to track cyber resilience

2025-10-09 at 07:48 By Anamarija Pogorelec

Most countries are still making national cyber policy decisions without reliable numbers. Regulations often focus on incident reporting after damage is done, but they fail to give governments a forward-looking picture of resilience. A new report from Zurich Insurance Group argues


Building a mature automotive cybersecurity program beyond checklists

2025-10-02 at 09:41 By Mirko Zorz

In this Help Net Security interview, Robert Sullivan, CIO & CISO at Agero, shares his perspective on automotive cybersecurity. He discusses strategies for developing mature security programs, meeting regulatory requirements, and addressing supply chain risks. Sullivan also looks ahead to how


Why banks’ tech-first approach leaves governance gaps

2025-06-16 at 09:06 By Mirko Zorz

In this Help Net Security interview, Rich Friedberg, CISO at Live Oak Bank, discusses how banks can better align cybersecurity efforts with broader cyber governance and risk priorities. Banking institutions often falter when cybersecurity is siloed as purely a technical or compliance


Why IAM should be the starting point for AI-driven cybersecurity

2025-06-06 at 09:03 By Mirko Zorz

In this Help Net Security interview, Benny Porat, CEO at Twine Security, discusses applying AI agents to security decisions. He explains why identity and access management (IAM) is the ideal starting point for both augmentation and automation, and shares


NIST proposes new metric to gauge exploited vulnerabilities

2025-05-26 at 08:06 By Help Net Security

NIST has introduced a new way to estimate which software vulnerabilities have likely been exploited, and it’s calling on the cybersecurity community to help improve and validate the method. The new metric, “Likely Exploited Vulnerabilities” (LEV), aims to close a


Want faster products and stronger trust? Build security in, not bolt it on

2025-04-29 at 08:42 By Mirko Zorz

In this Help Net Security interview, Christopher Kennedy, CISO at Group 1001, discusses how cybersecurity initiatives are reshaping enterprise cybersecurity strategy. He explains why security must be embedded across IT, business lines, and product development, how


GitLab CISO on proactive monitoring and metrics for DevSecOps success

2025-01-09 at 07:32 By Mirko Zorz

In this Help Net Security interview, Josh Lemos, CISO at GitLab, talks about the shift from DevOps to DevSecOps, focusing on the complexity of building systems and integrating security tools. He shares tips for maintaining development speed, fostering collaboration,


The evolution of security metrics for NIST CSF 2.0

2024-05-28 at 08:03 By Help Net Security

CISOs have long been spreadsheet aficionados, soaking up metrics and using them as KPIs for security progress. These metrics have traditionally measured specific systems or single indicators — vulnerabilities detected, percentage of vulnerabilities patched, software and hardware asset inventory


Company executives can’t afford to ignore cybersecurity anymore

10/05/2023 at 06:00 By Help Net Security

Asked about the Board and C-Suite’s understanding of cybersecurity across the organisation, only 39% of respondents think their company’s leadership has a sound understanding of cybersecurity’s role as a business enabler, according to Delinea. The high cost of ignoring security

