Posts

New Home for Securitymetrics.org

November 8, 2023

The website has been moved from a self-managed server to the serverless GitHub Pages. Content is now generated by Hugo rather than the Jekyll-based Octopress. The mailing list is no longer available. All historical content, including all Metricon event information and presentations, remains available; see the menu on the left side of the page. Historical mailing list archives may be added at a future time. With a few minor exceptions, permalinks from 2013 onward should still work. ...

Metricon X — Proceedings

March 27, 2019
metricon

Metricon X was held on March 21st and 22nd at the Stevens Institute of Technology in Jersey City, NJ. The theme of the conference was: “Metrics that Matters - Help Management with Decision Making and Improve Security Posture of the Organization.” The agenda, presented materials, notes, attendees and session descriptions follow. Chatham House Rules were in effect. Forty-eight (48) people attended.
Agenda
Day 1: March 21, 2019
Opening Remarks — Andrew Jaquith, JP Morgan Chase and co-founder, Securitymetrics. ...

Metricon X — Opening Remarks

March 21, 2019
metricon

This is the nominal text of Andy Jaquith’s opening remarks for Metricon X, delivered on March 21, 2019. It has been lightly edited for clarity and a few identities have been slightly disguised. The views expressed in this speech do not necessarily reflect those of my present or past employers.
Welcome
I appreciate everybody coming today. It’s a great turnout for a conference that we rather deliberately did not advertise. ...

Metricon X — Agenda

January 28, 2019
metricon

Metricon X will be held on March 21st and 22nd at the Stevens Institute of Technology in Jersey City, NJ. The theme of the conference is: “Metrics that Matters - Help Management with Decision Making and Improve Security Posture of the Organization.” The agenda follows. Chatham House Rules apply.
Agenda
The location of Metricon X is the Babbio Center at the Stevens Institute of Technology, Castle Point on the Hudson, Hoboken, NJ. ...

Metricon 9 — Conference Agenda

February 5, 2014
news, metricon

Friday, February 28, 2014
Open reception/light refreshments
Welcome! Metricon 8 recap & “Breaking the mold of security metrics” (Pete Lindstrom / Bob Rudis)
Expecting the Unexpected: Using Public Vulnerability Data for Resource Planning (Kymberlee Price, BlackBerry Incident Response Team Incident Manager)
Lunch & Unveiling Patterns within “Security Metrics”
Methods for Large-scale Measurement of the Security of Internet Ecosystems (Christophe Huygens, Professor, Katholieke Universiteit Leuven)
Measuring Third-party Security Risk (Stephen Boyer, BitSight)
Seeing the Elephant – Using collected data points to design and roll out software initiatives (Geoffrey Hill, Artis-Secure)
Behind The Curtains of the SilverSky Report (Andrew Jaquith, CTO, SilverSky)
Behind The Curtains of the Verizon DBIR (Jay Jacobs, Verizon)
Security, Visualized (Katherine Brocklehurst, Tripwire)
Lightning Talks

Metricon 9 — Call for Papers

November 25, 2013
news, metricon

Call for Papers for Metricon 9
Metricon is the annual conference dedicated to security metrics. We are excited to announce Metricon 9 — an all-day metrics workshop. We invite practitioners to present practical and novel approaches for measuring information security effectiveness.
When: Friday, February 28, 2014 (the Friday of RSA); All day event
Where: Near or at RSA; specific location TBD
Theme: Behind the Curtains: From Data to Insight
Attending
Metricon is free to attend, but conditional upon review of the program committee. ...

New Mailing List Server

August 20, 2013
news

I am pleased to announce that securitymetrics.org has moved to a new virtual hosting system. The primary benefit is that we have a new mailing list server that uses Mailman, rather than Majordomo. Other changes include: Members will receive copies of their own posts (!). The #1 question I used to get was, “was my post actually sent to the list?” That is because Majordomo didn’t send a copy to the sender. ...

Changes Are Coming

August 15, 2013
news

Changes are coming to securitymetrics.org. We are moving to a new hosting environment and mailing list system. More details soon.

Metricon 8 — Seven Metrics Challenges

March 29, 2013
metricon

Metricon 8 was a one-day event, Friday, March 1, 2013, co-located with the RSA Security Conference, in San Francisco, WA. This page contains a description of the event, official proceedings, presentations, and the original CFP.
Program
Coffee and introductions – Pete Lindstrom
Plenary workgroup scenarios and instructions – Pete Lindstrom
Breakout sessions
  Data Breach Costs – Ben Shapiro, facilitator
  Malware Identification – Patrick Florer, facilitator
  Vulnerability Management – Andrew Jaquith, facilitator
  Systems Development Controls – Evan Wheeler, facilitator
  Information Security Program – Matthew Fleming, facilitator
  Cyber Security Risk – Bob Rudis, facilitator
  Business Impact – Myles Conley, facilitator
CISO panel
  Jennifer Bayuk, Jennifer L Bayuk, LLC
  Fred Doolittle, Chevron
  Steve Dotson, Travelport
Lightning talks, and lunch
  Sal Stolfo and Nathaniel Boggs, Columbia University – Measuring Defense in Depth
  Anton Chuvakin, Gartner – Can We Have Top 5 Security Metrics, Pleeeeeeeease? ...

Metricon 7 — Security Metrics: Useful or Bust!

August 19, 2012
metricon

Metricon 7 was a one-day event, Tuesday, August 7, 2012, co-located with USENIX, in Bellevue, WA. This page contains a description of the event, presentations, and the original CFP.
Program
Anton Chuvakin – Introduction to Metricon, security metrics and workshop goals
David Severski – Even Giant Metrics Programs Start Small
Panel – Rules of the road for useful security metrics
Anoop Singhal, NIST – Panel sidenote
Constantinos Patsakis, Universitat Rovira i Virgili – Measuring security with Sec Qua (full paper)
Christopher Carlson – What we want to see in security metrics
Panel – What we know to work in security metrics
Steve Mckinney – Application Security Metrics We Use
Jon Espenschied, Angela Gunn, Microsoft Trustworthy Computing Group – Threat Genomics and Threat Modeling (full paper)
Conclusions, results and action items by Anton Chuvakin
Summary ...