ENGAGEMENT

For the security team at a large media company, DayBlink Consulting was hired to design a cybersecurity metrics program, providing senior leadership with invaluable insights into a range of security-related metrics. Our solution eventually employed Kafka for efficient real-time data streaming, SQL and Python for data processing and analytics construction, and Looker to create dynamic dashboards for senior leadership. The solution facilitated informed decision-making and also fostered a culture of friendly competition among senior executives and their teams.

PROBLEM

Six separate security teams each maintained team-specific applications, while the HR team controlled the HRIS and the CIO organization controlled the asset registry, creating a complex, distributed set of data unavailable to security decision makers. (Security data existed across more than 50 different systems and applications.) Several security teams sought integrated reporting combining security data (e.g. password manager usage) with org structure (HRIS) so they could message and nudge teams to adopt better security practices. The data in each system was stored and updated differently, which introduced a tremendous amount of error when attempting to find and match users/identities between systems.

SOLUTION

DayBlink Consulting collected business requirements and proposed a development roadmap for appropriate future-state metrics. The team then determined points of automation & integration, obtained access to platform APIs, constructed the future-state architecture and built MySQL data structures with 25 new API integrations. Next, we built integrations using a combination of Amazon RDS & DynamoDB, AWS Lambda & Python scripting, AWS IAM, Systems Manager, EC2, VPC & subnets for environment setup, AWS S3 and Looker for visualization. The architecture allowed for new data feeds, new analytics and easy-to-develop future dashboards. Finally, we documented SOPs & runbooks so the internal team could maintain the effort after the project closed.

RESULT

As one example, password manager tool usage improved to nearly 100% within 6 months after the new dashboards went live. The automated and near-real-time metrics were used by senior leadership to drive more effective decision-making. 75+ new metrics and KPIs were provided to a variety of teams and leaders throughout the organization, enabling quicker and more accurate decisions. Unexpectedly, teams began competing internally to generate better outcomes as tracked and published in team reports. Finally, non-security executives began consistently requesting and evaluating cyber metrics.