“AN IDEAL CISO WOULD HAVE THE RIGHT INFRASTRUCTURE IN PLACE TO HAVE THEIR SMES FULLY FOCUSED ON IMPROVING THE SECURITY OF THEIR ENTERPRISE WHILE THEY ARE THERE TO PRIORITIZE, SET GOALS, UNDERSTAND BENCHMARKS, AND DRIVE THEIR ORGANIZATION FOR GREATER EFFICIENCY AND TO ATTAIN THE SUPPORT OF THE REST OF THE ORGANIZATION.”
Hi Shirley, please tell us about your journey into the cyber sec space and how you started at SeeMetrics.
I’m sure some of your readers are a bit surprised to read that I am the CEO of a cyber startup. The “typical” cyber company CEO usually has a cyber background (in Israel that usually means they served in specific elite units in the military which provided them with the expertise to excel in the cyber field) and they are usually men. I am a woman who did not come from the cyber world, and in that lies my strength, in my opinion. In my previous roles I worked with C-suite and senior government executives. One of my main roles was to tell a technology story in the simplest way to non-technical audiences.
SeeMetrics is doing just that: translating the complexity of cybersecurity operations to a language that business colleagues and other leaders can easily understand. In a world in which cybersecurity is becoming more front and center to business management and risk, security and business alignment is a critical challenge to solve.
With my background in commercial marketing, coupled with my partners’ deep security and data expertise, we wanted to tackle this issue by providing security leaders with a simple way to consolidate data for management purposes and allow for a bridge from the complex, diverse and cumbersome operations stack to what management, boards and business leaders need to know. Today, there’s still a major gap in terms of the amount of data available and the leadership’s ability to derive insights.
When we founded SeeMetrics, we tried to think about what’s missing that would relieve the work of the CISO office. Playing into our strengths, we decided to focus on the interface of data and security. While CISOs continue to experience increased pressure and expectations to show value, they are flying without a cockpit. They have no centralized source of performance insights that drive management for so many of their peers in sales, marketing, finance, etc., such as HubSpot and Salesforce.
What is SeeMetrics? What kind of problems do you solve for your customers?
SeeMetrics is a Gartner-recognized Cybersecurity Performance Management (CPM) platform that allows security leaders to measure, track, and improve stack performance based on data derived directly from the stack. With real-time performance insights, security leaders can crystallize the value of the security programs and communicate it to the rest of the organization and the board of directors, as they now rely on one source of truth with historical trends, benchmarks, and KPIs that align with the business.
Better performing and more efficient security programs free up time and resources, helping CISOs and security leaders focus on strategy and larger goals, and lead with more confidence.
We have transformed the way security leaders measure, track, and improve cyber security performance so they can automatically leverage insights derived directly from one source of truth and with a set of out-of-the-box metrics that align business and security context.
Currently, CISOs are at a distinct disadvantage.
While they are increasingly expected to be business enablers and ensure business continuity even after harmful cyber attacks, they’re not nearly as well-equipped with insights as other leaders. Finance, sales, marketing, you name it – these executives have centralized feeds of insights.
For CISOs, the stakes of accountability are arguably even higher than those of their colleagues – yet they’re still navigating in the dark. They’ve got only limited visibility into how their tools are performing, no infrastructure for measurements, no common perspective, and no way of understanding what needs critical attention.
Furthermore, they are currently managing performance either by manually collecting data (heavily reliant on security SMEs and analysts), outsourcing to consultants (very expensive and unrealistic to do this more than once per year), or building their own in-house metrics programs which cost millions and years to build and maintain. SeeMetrics solves this problem by providing security leaders with real-time and continuous performance insights about their organization based on data driven directly from the stack.
What is an ideal security stack to deal with modern threats? Could you please provide some examples from your case studies and customer stories?
There’s this old saying that “you can’t manage what you can’t measure”.
A modern stack is one where the various stakeholders gain simple visibility and understanding required for their governance. The shift from on-prem to cloud has been a major enabler but it’s coming with its own set of challenges and risks in terms of data governance and defensibility of their organization. The new “ideal” for the modern stack is for it to be manageable and cost effective. As an example, one of our customers shared their new code protection tool with us. From a compliance perspective, they’ve done the minimum required to demonstrate what’s needed to “check the box”.
But, from a security perspective, they’ve yet to hire the needed team to properly support the tool. And with recession budgets, they are waiting with hiring for later in 2023. This is a true example of the right thinking by a security leadership but the limitation of resources prevents them from being fully equipped for current threats.
One of SeeMetrics’ contributions to this challenge is our ability to map out a roadmap for closing gaps, reducing risks and rationalizing stack, to ease the work of the CISO as they go out and discuss budgets and prioritizations.
Could you tell us more about the current trends in the IT and Cloud security performance management?
There are so many cyber tools today as the average global organization has 60+ security monitoring solutions in place, constituting an almost unmanageable security stack that generates massive amounts of data nonstop.
The emergence of the Cybersecurity Performance Management category is a validation of the need to measure and communicate what is actually happening in the security organization. Yet as CISO accountability expanded, the focus shifted from reporting performance to leveraging performance and managing according to that performance. This is transforming CPM into a part of the CISO’s day-to-day management toolkit. Measuring performance allows us to continuously improve progress by focusing on the most critical areas.
Today, most of the performance solutions are manual and only provide a static glimpse in time. SeeMetrics is providing the full journey from data consolidation to roadmap planning, giving CISOs the insights to measure technologies, processes, and people in real time, with historical context and based on business-driven KPIs.
This is a challenging process for organizations.
The first hurdle is to get all the data into one place, into what’s called a security data lake.
Since the data is in various formats and structures this is a very difficult process that relies on data engineers and analysts to manage and maintain. Not only is the data overwhelming, but it also has to be consolidated and normalized. And once the noise has been reduced, there is no standardized set of measurements to create a cohesive story about what is happening in the organization’s security. Most companies turn to analysts and engineers that perform manual work to prepare a snapshot static report or build an in-house performance program.
Please tell us more about Cybersecurity Performance Boards. How does it strengthen the modern data infrastructure management of an IT organization?
Organized by security domains, the new Cybersecurity Performance Boards are a collection of out-of-the-box metrics that empower security leaders to measure the performance of their technologies, processes, and people in real time. We are the first ever data platform that drives cybersecurity performance assessment directly from the operational stack and “inside the perimeter”.
With SeeMetrics’ Cybersecurity Performance Boards, cybersecurity executives and operational teams gain a centralized and business-aligned view of measurements, metrics, and Key Performance Indicators (KPIs), which shows trends, risks, and historical context. The SeeMetrics boards help to build a proactive and preventative approach to detecting emerging risks and gaps. Among SeeMetrics’ Cybersecurity Performance Boards are Vulnerability Management, Endpoint Protection, Identity Management, Mail Security, Security Awareness, and Incident Response.
Whereas other C-suite leaders such as those of finance, sales, and marketing are already using integrated data platforms such as CRM and ERP, most CISOs, CIOs and security leaders have yet to adopt a centralized tool that streamlines data points from dozens of operational security tools into an executive view. This means they are left without the ability to instantly know the state of their operations, what is trending, what has changed, which capabilities are currently missing, overlapping or underperforming, and how that impacts the overall performance.
SeeMetrics’ new Boards provide a bird’s eye view of overall capabilities and security tools, and also come with explorable depth: behind every Board is drill-down data that is trackable back to its source. The Boards make cybersecurity goals and progress quantifiable and more visible to immediate decision makers, along with helping security leaders to communicate in a relatable language on progress and trends to different stakeholders such as executives and board members.
How do you see the growing instance of cyber performance management influencing modern CISOs’ corporate security strategies?
When we launched SeeMetrics and discussed CPM and driving metrics from the stack it was still a hard-to-digest idea. Compliance was still very much dominant and our concept was yet to fit to a specific known box.
Today there’s a clear understanding of the need; we are seeing a few competitors emerge or other innovative ideas seeking to equip the CISO and their team with direct line of communications to their ops while eliminating the huge investment going into data digest processes.
Once implemented, CPM platforms serve as the management data hub for the CISO office. All in one place, all recommendations are driven from the stack allowing executives and ops to refocus back on their core missions rather than the cumbersome process of collecting the data, aligning measurements and KPIs.
Think of the amount of hours organizations put into creating a single source for accounts and finance management. CPM platforms have inspired the idea of having one central hub all across the security org. When it comes to management, tracking, KPIs and planning, it includes anything from weekly internal tracking of progress and identifying who’s lagging behind all the way to extracting data for boards and auditors, but all in a very simple manner.
What kind of planning and execution should a CISO have in place for cybersecurity management?
CISOs need to be able to govern their security organization. With an ever-changing environment of threats and tech, it is a great challenge to stay up to speed.
The lack of manpower in the cyber space eventually lands on the CISO’s desk either through insufficient personnel or efforts diverted into developing emerging talent. This is mainly due to the fact that cyberspace is rather new and still evolving; yet the accountability over the CISOs’ shoulders increased. Many of the CISOs we speak with are putting out fires rather than investing time in proper, long-term planning as they would have wanted to. This is simply the nature of a fast-growing space.
An ideal CISO would have the right infrastructure in place to have their SMEs fully focused on improving enterprise security while they are there to prioritize, set goals, understand benchmarks, and drive their organization for greater efficiency and to attain the support of the rest of the organization. With these three capabilities, i.e., track performance, communicate progress and confidently bring the right data when needed, CISOs will have the support of other senior stakeholders regarding the budget and resources.
Any advice you would like to provide to the CISOs dealing with board members?
The common denominator we see across CISOs we speak with is, keep it simple and provide us data we can work with. The number of phishing attacks on the company is a meaningless number unless we understand how it is trending over time, where it is trending, what the impact on the organization was, and what the plan forward is.
In this aspect, SeeMetrics provides a very, very simple mindset to help security leaders drive discussions based on real-time data that is coupled with automatic planning suggestions. This puts the CISO in a much higher position when it comes to communication with peers – from the data to the metrics, the trends, and all the way to the proposed action plan, everything is now in front of them.