Security Metrics: It’s All Relative

What a haircut taught me about communicating the value of security to executives and non-security professionals.

The other day, I learned a great lesson about security metrics while getting a haircut. Initially, this may sound like a bit of an odd statement, but I promise it will make sense in the end. The woman cutting my hair asked me: “Should I cut off one-half inch?” Putting aside my preference for the metric system and dislike of the imperial system, I found this question to be quite fascinating.

To the woman cutting my hair, the question was a scientific one. Depending on how I answered, she would choose the appropriate scissors and clippers and proceed accordingly. From my perspective, however, the question was meaningless, or at the very least, difficult to parse. I didn’t know how to answer because I have no idea what length I like my hair -- at least not in absolute terms like inches or centimeters.

What does this have to do with security metrics? Let’s begin to answer that question by examining the definition of the word “metrics.” A metric is defined as “a method of measuring something, or the results obtained from this.” In order for me to understand and subsequently answer the question, I had to translate into a method of measurement that I could understand. After a small amount of research, I learned that hair generally grows one-quarter inch per month. In the context of this example, the question translated into relative terms I could understand would be: “Should I cut off two months of growth?”

No hay comentarios.:

Publicar un comentario

Instagram @SchmitzOscar