Question: What does the “P” in cybersecurity performance management mean? How do we measure performance?
Shirley Salzman, CEO and co-founder at SeeMetrics: Attributed to Greek philosopher Socrates, the aphorism “know thyself” reminds us that to comprehend the world around us, we must first understand ourselves. Similarly, in cybersecurity, a crucial first step to assessing is knowing ourselves — understanding not only our capabilities, but how effectively we’re applying them.
In theory, the cybersecurity performance management (CPM) model offers security leadership a simple way to know themselves — as well as to communicate and collaborate with peers and executives in a complex, siloed ecosystem.
In practice, there’s a hitch. How can a CISO create a streamlined performance narrative without a single source of truth? Today, CISOs need to rely on a complex web of narratives made up of disparate metrics, different contexts, and no single standard for measuring performance.
This makes getting answers to key questions nearly impossible: How are my security programs performing? How prepared are we for threats? Performance should be derived from a uniform set of measurements, metrics and KPIs. Yet currently, these simply don’t exist.
And this is what Socrates has to do with CPM. The “P” in CPM has become a central tenet in the CISO’s “know thyself” ethos, transforming CPM into a part of the day-to-day management toolkit. Because knowing is the first step to not only communicating, but also managing.
Breaking Down the P in CPM
In the spirit of “know thyself,” let’s break down “performance.” What do CISOs need to know? Performance comprises four key areas:
Toward a Unified, Collaborative Security Organization
Security leaders need to leverage the P in CPM to build a more unified and collaborative security organization — sharing insights, defining more realistic goals, and tracking progress.
Just like Socrates urged us to know ourselves, it’s time for security leaders to rethink the role of performance. It’s no longer sufficient to report performance — it’s time to leverage it for better management, too. By focusing on the P in CPM, security leaders can markedly enhance both cybersecurity operations and overall security performance.