Sign in Subscribe

Brian Weidner

Brian Weidner

Choosing the Right Information Security Metrics: How Visual Management and Gemba Boards Drive Continuous Improvement

Choosing the Right Information Security Metrics: How Visual Management and Gemba Boards Drive Continuous Improvement

In information security, it’s easy to collect data—mean time to detect, vulnerabilities closed, incident counts, patch compliance, control coverage—the list can feel endless. Yet too often, those numbers wind up in static dashboards or slides that are reviewed quarterly, rarely influencing daily decisions. The real power of

Why MTTR Is One of the Most Important Metrics in Cybersecurity

Why MTTR Is One of the Most Important Metrics in Cybersecurity

When organizations talk about cybersecurity metrics, the conversation often gravitates toward prevention: number of blocked attacks, vulnerability counts, or patching SLAs. While those indicators matter, they frequently miss the most important reality of modern security operations: Incidents will happen. In today’s threat landscape, resilience matters more than perfection. That

How to Motivate Cybersecurity Teams with Stretch Assignments (10–20% Time Model)

How to Motivate Cybersecurity Teams with Stretch Assignments (10–20% Time Model)

Motivating a cybersecurity team is one of the hardest challenges for security leaders. The work is high-pressure, threat-driven, and often reactive. Alerts never stop. Incidents pile up. Over time, even strong teams can lose momentum. One of the most effective—and underused—ways to improve engagement, retention, and

Turning a Gemba Board Into Real, Weekly Security Improvement

In the world of security operations, we often talk about metrics — detection times, vulnerability remediation, incident counts, backlog ages. The Driving Real Security Improvement with a Gemba Board post does a great job of outlining how a Gemba board makes these metrics visible to the team and shifts ownership of

Driving Real Security Improvement with a Gemba Board

Driving Real Security Improvement with a Gemba Board

In information security, we talk a lot about metrics. Mean time to detect, vulnerabilities closed, incidents resolved, backlog aging, control coverage—the list goes on. But too often, those metrics live in dashboards that few people check, or in reports reviewed once a month and quickly forgotten. A Gemba board

When Leadership Says “Keep Us Safe”: Finding Cyber Risk Tolerance in the 10-K

One of the most common questions cybersecurity professionals ask executive leadership is: “What is the organization’s risk tolerance when it comes to cyber risk?” And one of the most common answers they get back is: “Keep us safe.” “Don’t let a breach happen.” While well-intended, these answers

Asset Management - Physical Devices - What do you have? Do you know?

Asset Management - Physical Devices - What do you have? Do you know?

Asset management and inventorying your physical systems, we all know we should do it, and I am sure most try. I am not going to talk about the should have, would have or could have. Instead, I am going to focus on the risks associated with the NIST CSF control