ENGAGEMENT

DayBlink Consulting designed a robust security analytics and metrics program for the CISO, Chief Legal Officer and CTO of a large national bank to better understand critical cybersecurity, asset management and spending information. These analytics enabled more actionable insight into cybersecurity and technology risk factors.

PROBLEM

The CTO requested current, actionable data from the CISO and Chief Legal Officer (CLO). While the bank had numerous dashboards, they were mostly managed in Excel (stored locally and/or in a random assortment of locations) by individual contributors and small teams, who were unable to produce useful and timely analytics and metrics. Responses to these requests, which required a flurry of activity to validate, clean and sanitize, were typically out of date, incomplete, and presented ineffectively. Despite this, money was still being invested in automation, analytics and a variety of tools and platforms. The new CISO desired a clearer understanding of cyber performance and technology risk. The Chief Legal Officer sought more timely updates and relevant information to present to the Board of Directors. The team could not easily quantify the impact and results of decisions, which limited what could confidently be provided to the leadership.

The bank had all of the relevant security systems, but each was individually managed and reported on. Data was not combined, correlated or otherwise linked between systems to offer deeper insights. The system architecture was generic, and while the organization had data lake and analytic teams, they were both managed outside of security. Thus, there was little incentive for security team members to do extra work to send their data to a central repository; in fact, doing so would create more work for them, since they would then have to protect and analyze that information. Instead, team members crafted bespoke reports in response to specific requests for information.

SOLUTION

DayBlink Consulting reviewed the existing metrics and interviewed the team to identify existing pain points and their desired future analytical goals. We executed every step, beginning with data identification and continuing to analytics design, data ingestion and visualization. We developed a solution architecture to feed PowerBI visualizations. Simultaneously, we designed wireframes to align on design and incorporate team feedback and enhancement requests. Leveraging PowerBI and automated ingest procedures, the initiative crafted security analytics and constructed automated dashboards. We created views to blend datasets and pull in additional logic as needed. Over two months, we developed more than 30 published metrics (each requiring underlying analytics) across 10 dashboards for a variety of stakeholders to analyze performance and guide future decision-making. Metrics included overall cyber risk quantification, controls effectiveness, security tool adoption by team/organization, employees at risk for phishing, and crown jewels susceptibility.

We documented all processes, procedures and methodologies in the program to enable the client team to maintain this effort after we completed the engagement (including a robust backlog of 50+ additionally requested metrics slated for future development). Finally, we delivered analytic and dashboard demos for key stakeholders to train everyone on usage and ensure that the effort would continue.

RESULT

The CISO, CRO and CTO developed a deeper understanding of their Cyber Risk posture, and used data from dashboards in weekly meetings to communicate it to their organizations. The CISO confidently developed her strategic and financial plan grounded in historical data. With quantified insight into actual team member performance (based on trends in their risk quantifications), several team members received additional coaching and/or internal job realignment, resulting in greater confidence in the team and improved performance.

After the personnel moves, renewed confidence in the team and its performance meant less administrative load for the leadership (the analytics provided far clearer insight than the previous 1:1 sessions). To maintain the effort going forward, the bank decided to task a full-time cyber engineer with supporting and further expanding the program – a testament to the value recognized by the senior leadership team.