Description
Praise for The Metrics Manifesto

We all collectively and urgently need to improve cybersecurity metrics and outcomes, and this book eliminates common excuses that data isn't available or is too hard to interpret. Its ideas are specific and can be actioned upon quickly by cybersecurity product builders as well as CISOs.
- ANN IRVINE, Chief Data Scientist, Resilience Insurance

Richard has pushed boundaries again, this time in how to think about the performance of security versus just the deployment of security. Understanding our attack surface and how we are actually exposed takes a new way of thinking, and The Metrics Manifesto is that playbook.
- SEAN CATLETT, Chief Security Officer, Slack

Relying on heuristics or leveraging antiquated security compliance frameworks to address complex systems such as an organization's security program is no longer cutting it today. To that end, The Metrics Manifesto is not simply a cookbook for security metrics, but also an eloquent and effective framework to help manage cyber security risks in the 21st century.
- MARIO DUARTE, Vice President, Security, Snowflake

This is a must-read for anyone looking to start or mature a security metrics program. Richard Seiersen's unique brand of storytelling, wit, and domain expertise once again makes a complex subject accessible and easy to understand for security practitioners and business leaders alike.
- TONY MARTIN-VEGUE, Society of Information Risk Analysts (SIRA) board member and Chair of the San Francisco chapter of the FAIR Institute

As the quip goes, in God we trust, all others must bring data. Richard's manifesto is a must-read for those who embrace this philosophy and want to apply it to an oft-misguided belief that our security controls work as intended.
- SOUNIL YU, CISO, JupiterOne; Former Chief Security Scientist, Bank of America; and Creator of the Cyber Defense Matrix

The Metrics Manifesto helps to answer that ever important question of 'How do you know?', not beyond the shadow of a doubt but in direct confrontation and embracement of doubt. It's a toolkit for any defender looking to advance from safe to safe(ER), moving beyond hope as a strategy and landing squarely into the capability of trust AND verify.
- ANNE MARIE ZETTLEMOYER, Vice President, Security Engineering, Payments Industry