1: Learn to create and customize meaningful metrics that allow you to reduce exposure time and manage risk.
2: Understand how to map metrics to practical security controls so you can track progress, ROI and more.
3: Learn to more efficiently use security controls to discover indicators of compromise.
Understanding of industry-standard security controls. Experience or knowledge of managing a security operations center (SOC) would be helpful. An interest in policy-based decisions, over and above tactical and technical skills. But, individuals don’t need to be policy wonks. In fact, techies would greatly benefit from this discussion, as it will give them a perspective on how to use technical tools more efficiently. This includes getting more funding, and obtaining the ability to credibly discuss the value of their activities to the business.