Data versus Measurement: Why Your Current Metrics Aren’t Enough It’s time to get away from just tracking click rates and completion times, and focus on building a comprehensive program that measures the full picture of human behavior in your organization. While most security leaders focus on tracking a set of KPIs, without context and correlation, these data points simply are not enough to move the needle on reducing cybersecurity risk. In order to meaningfully improve your organization’s security posture, it’s time to focus on measuring the right metrics in the context in which they matter. Attendees will take away common metric pitfalls to avoid, which data sets and metrics they should measure, where to get this data, and how to correlate these data points to see the bigger picture of human risk in their organization to drive quantifiable improvements in their security posture.

About Drew Rose

As Living Security's creative mastermind, Drew Rose combines his experience developing security programs and his love of game design to expertly craft immersive products. He seeks to engage end users and create excitement with his educational experiences and measurable outcomes. Drew is a CISSP with a Bachelors of Science in Cybersecurity who has spent years building and optimizing security programs in the public and private sectors. While serving in the military, Drew learned effective strategies for fighting cybercrime and earned a top-level security rating in the U.S. government. At Living Security, Drew applies his in-depth knowledge to reducing enterprise and personal risk by designing science-based, collaborative security awareness programs. Join US and Canada cyber community members at the inaugural Austin Cyber Show Conference at Concordia University Texas, May 10-11. During the two-day cyber defense conference, participants can engage in discussions with peer leaders and industry experts on the cyber risks and challenges that businesses, leaders, developers, educators, and students face each day.

AI Behavioral Analytics: More Data, Same Trap

AI-powered behavioral analytics platforms promise to measure security posture by tracking user behavior patterns, flagging anomalies, and generating risk scores automatically. These tools produce enormous volumes of data -- login cadence, file access patterns, lateral movement indicators, communication graphs. But the core problem Drew Rose describes has not gone away: correlation without causation, data without judgment. An AI system that flags 10,000 behavioral anomalies per day without context is not improving security posture; it is generating noise that erodes analyst attention.

The measurement discipline matters more in an AI-driven environment, not less. Organizations must still define what they are measuring, why it matters, and how it correlates with actual risk reduction. AI can accelerate the collection and pattern-matching, but the interpretation -- the gap between data and measurement -- still requires human judgment and organizational context. This convergence of AI analytics, human risk, and meaningful measurement is a recurring theme on the Morpheus Cyber podcast.

1019