Alex Hutton


IT Security Metrics: The Enterprise FUD Killer

One of the greatest knocks on the information security profession is that IT security is always asking for budget to spend against the latest threat, only to abandon the cause like harried firefighters, jumping from one conflagration to the next.

Zombies, Baseball and IT Security

How is defending your network and users from sophisticated cyber attacks like fending off a zombie invasion? Funny you should ask! In an interview with Threatpost Editor Paul Roberts, Josh Corman, the Research Director in the Enterprise Security Practice at the 451 Group, reprises a 2011 RSA Conference presentation with security luminary Alex Hutton, “Metrics are Bunk: The Zombie Apocalypse, Baseball, and Security Metrics.”


By Alex Hutton

Recently, I’ve heard some bits and pieces about how Information
Security (InfoSec) can be “threat-centric” or “vulnerability-centric”.
This struck me funny for a number of reasons, mainly it showed a basic
bias towards what InfoSec *is*. And to me, InfoSec is too complex to be
described as “threat-centric” or “vulnerability-centric” and yet still
simple enough to be described at a high level in a few paragraphs in a
blog post. So I thought I’d write a “primer” post on what InfoSec is to
create a reference point.
