March 27, 2019
Metricon X was held on March 21st and 22nd at the Stevens Institute of Technology in Jersey City, NJ. The theme of the conference was: “Metrics that Matters - Help Management with Decision Making and Improve Security Posture of the Organization.” The agenda, presented materials, notes, attendees and session descriptions follow. Chatham House Rules were in effect. Forty-eight (48) people attended.
Agenda
Day 1: March 21, 2019
Opening Remarks — Andrew Jaquith, JP Morgan Chase and co-founder, Securitymetrics.
March 21, 2019
This is the nominal text of Andy Jaquith’s opening remarks for Metricon X, delivered on March 21, 2019. It has been lightly edited for clarity and a few identities have been slightly disguised. The views expressed in this speech do not necessarily reflect those of my present or past employers.
Welcome
I appreciate everybody coming today. It’s a great turnout for a conference that we rather deliberately did not advertise.
January 28, 2019
Metricon X will be held on March 21st and 22nd at the Stevens Institute of Technology in Jersey City, NJ.
The theme of the conference is: “Metrics that Matters - Help Management with Decision Making and Improve Security Posture of the Organization”
The agenda follows. Chatham House Rules apply.
Agenda
The location of Metricon X is the Babbio Center at the Stevens Institute of Technology, Castle Point on the Hudson, Hoboken, NJ.
February 5, 2014
Friday, February 28, 2014
Open reception/light refreshments
Welcome! Metricon 8 recap & “Breaking the mold of security metrics” (Pete Lindstrom / Bob Rudis)
Expecting the Unexpected: Using Public Vulnerability Data for Resource Planning (Kymberlee Price, BlackBerry Incident Response Team Incident Manager)
Lunch & Unveiling Patterns within “Security Metrics”
Methods for Large-scale Measurement of the Security of Internet Ecosystems (Christophe Huygens, Professor, Katholieke Universiteit Leuven)
Measuring Third-party Security Risk (Stephen Boyer, BitSight)
Seeing the Elephant – Using collected data points to design and roll out software initiatives (Geoffrey Hill, Artis-Secure)
Behind The Curtains of the SilverSky Report (Andrew Jaquith, CTO, SilverSky)
Behind The Curtains of the Verizon DBIR (Jay Jacobs, Verizon)
Security, Visualized (Katherine Brocklehurst, Tripwire)
Lightning Talks
November 25, 2013
Call for Papers for Metricon 9
Metricon is the annual conference dedicated to security metrics. We are excited to announce Metricon 9 — an all-day metrics workshop. We invite practitioners to present practical and novel approaches for measuring information security effectiveness.
When: Friday, February 28, 2014 (the Friday of RSA); all-day event
Where: Near or at RSA; specific location TBD
Theme: Behind the Curtains: From Data to Insight
Attending
Metricon is free to attend, but attendance is conditional upon review by the program committee.
March 29, 2013
Metricon 8 was a one-day event, Friday, March 1, 2013, co-located with the RSA Security Conference, in San Francisco, WA. This page contains a description of the event, official proceedings, presentations, and the original CFP.
Program
Coffee and introductions – Pete Lindstrom
Plenary workgroup scenarios and instructions – Pete Lindstrom
Breakout sessions
  Data Breach Costs – Ben Shapiro, facilitator
  Malware Identification – Patrick Florer, facilitator
  Vulnerability Management – Andrew Jaquith, facilitator
  Systems Development Controls – Evan Wheeler, facilitator
  Information Security Program – Matthew Fleming, facilitator
  Cyber Security Risk – Bob Rudis, facilitator
  Business Impact – Myles Conley, facilitator
CISO panel
  Jennifer Bayuk, Jennifer L Bayuk, LLC
  Fred Doolittle, Chevron
  Steve Dotson, Travelport
Lightning talks, and lunch
  Sal Stolfo and Nathaniel Boggs, Columbia University – Measuring Defense in Depth
  Anton Chuvakin, Gartner – Can We Have Top 5 Security Metrics, Pleeeeeeeease?
August 19, 2012
Metricon 7 was a one-day event, Tuesday, August 7, 2012, co-located with USENIX, in Bellevue, WA. This page contains a description of the event, presentations, and the original CFP.
Program
Anton Chuvakin – Introduction to Metricon, security metrics and workshop goals
David Severski – Even Giant Metrics Programs Start Small
Panel – Rules of the road for useful security metrics
Anoop Singhal, NIST – Panel sidenote
Constantinos Patsakis, Universitat Rovira i Virgili – Measuring security with Sec Qua (full paper)
Christopher Carlson – What we want to see in security metrics
Panel – What we know to work in security metrics
Steve Mckinney – Application Security Metrics We Use
Jon Espenschied, Angela Gunn, Microsoft Trustworthy Computing Group – Threat Genomics and Threat Modeling (full paper)
Conclusions, results and action items by Anton Chuvakin
Summary
March 8, 2012
Mini-Metricon 6.5 was a one-day event, Monday, February 27, 2012, co-located with the RSA Conference, in San Francisco, CA. This page contains a description of the event, presentations, and the original CFP.
Program
Keynote
  Alessandro Acquisti, CMU, The Value of Privacy
Human-in-the-loop Panel and Presentations
  Bob Rudis and Albert Yin, Liberty Mutual – Using Peer Pressure to Improve Security KPIs
  Steve Kruse and Bill Pankey, RSA – Assessing User Awareness
  Bryan Ware, Digital Sandbox – Evaluating Pattern of Life Indicators to Prioritize Monitoring of Potential Insiders
Lightning Talks and Lunch Break
August 9, 2011
Metricon 6 was a one-day event, Tuesday, August 9, 2011, co-located with USENIX, in San Francisco, CA. This page contains a description of the event, presentations, and the original CFP.
Program
Richard Seiersen, Kaiser Permanente – Operation Risk Management
Richard Lippmann, James Riordan, Cyber Systems and Technology Group, MIT Lincoln Laboratory – Critical Control Security Metrics for Continuous Network Monitoring
Wendy Nather, 451 Group – Quantifying the Unquantifiable: When Risk Gets Messy
Brian Keefer, Jared Pfost – Moneysec: Applying the “Moneyball” philosophy to information security metrics
Ed Bellis, HoneyApps – That’s So Meta: Gleaning Business Context In The Vulnerability Warehouse
Joshua Corman, Akamai – “Shall we play a game?
July 28, 2011
Mini-Metricon 5.5 was a one-day event, Monday, February 14, 2011, co-located with the RSA Conference, in San Francisco, CA. This page contains a description of the event, presentations, and the original CFP.
Program
Wade Baker and Alex Hutton, Verizon Business – Veris Data/Veris Community
Chris Eng, Veracode – Critical Consumption of Infosec Stats
Juhani Eronen, CERT-FI, Finnish Communications Regulatory Authority – On (Automated) Incident Reporting
Christian Frühwirth, Aalto University Finland and Christian Proschinger, Otmar Lendl, CERT.