Why Not All Metrics Are Created Equal

OVERVIEW

As blue team professionals, we often hear about the importance of metrics and how they can help measure the effectiveness of our efforts and help create more mature security operations. However, it is important to remember that not all metrics are created equal, and some, if not most of the widely shared ones, can even be harmful to security teams if used incorrectly and help spread burnout at high rates. This is why I feel we all need to take a step back and carefully consider the metrics that we use to evaluate the performance of our security teams.

In this talk, I will go over metrics that provide great insight into a team’s performance or maturity levels, while also not promoting bad habits or spreading burnout on blue teams. I will use the great insight Gitlab’s cybersecurity team (no affiliation) shares via their public performance indicators as a base, and provide more ideas on sustainable and helpful metrics to use in this our industry.