Not All Security Metrics Are KPIs, With Jim Routh

April 10, 2024

On the latest episode of the Vigilance podcast, I had the pleasure of speaking with Jim Routh. Jim is a renowned cybersecurity expert with a wealth of experience, including:

— Serving as CISO at six different organizations

— Board memberships at FS-ISAC and H-ISAC

— Advising roles with cybersecurity and IT companies

— Teaching cybersecurity at NYU

— Mentoring CISOs

He brings unique insights to the conversation through his expertise in:

— Applying risk management discipline to global enterprises

— Designing security controls using innovation and data science

During our discussion, Jim shared a powerful perspective on decision-making for CISOs:

Better decisions stem from facts. While facts are becoming increasingly elusive in today’s world, it is a non-negotiable for cybersecurity experts. KPIs are fact-based and provide a clear picture of reality by design.


— Measure progress at a specific moment in time

— Help you make informed decisions and take action

When a KPI indicates a process is performing optimally, no action is needed. But when the results fall short, it's time for change. This is an opportunity to discuss improvements and support the process owner. By helping them implement necessary changes, we enhance security. KPIs help us rally stakeholders to avoid acting based on speculation.

This approach ensures that:

— Efforts are grounded in reality

— Resources are allocated effectively

— The right actions are prioritized

In a world where facts are often obscured, KPIs provide clarity.

Recent Episodes

Stay informed on the most up-to-date news and learnings in cybersecurity.
Presented by
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Copyright © 2024 The Roundtable Network. All rights reserved.
Now Live: "Vigilance" Podcast. Watch or Listen Now.