
Data-Driven Cybersecurity: Reducing risk with proven metrics

Measure, improve, and communicate the value of your security program.

Every business decision should be driven by data—and cyber security is no exception. In Data-Driven Cybersecurity, you'll master the art and science of quantifiable cybersecurity, learning to harness data for enhanced threat detection, response, and mitigation. You’ll turn raw data into meaningful intelligence, better evaluate the performance of your security teams, and proactively address the vulnerabilities revealed by the numbers.

Data-Driven Cybersecurity will teach you how

• Align a metrics program with organizational goals
• Design real-time threat detection dashboards
• Predictive cybersecurity using AI and machine learning
• Data-driven incident response
• Apply the ATLAS methodology to reduce alert fatigue
• Create compelling metric visualizations

Data-Driven Cybersecurity teaches you to implement effective, data-driven cybersecurity practices—including utilizing AI and machine learning for detection and prediction. Throughout, the book presents security as a core part of organizational strategy, helping you align cyber security with broader business objectives. If you’re a CISO or security manager, you’ll find the methods for communicating metrics to non-technical stakeholders invaluable.

Foreword by Joseph Steinberg.

About the technology

A data-focused approach to cybersecurity uses metrics, analytics, and automation to detect threats earlier, respond faster, and align security with business goals.

About the book

Data-Driven Cybersecurity shows you how to turn complex security metrics into evidence-based security practices. You’ll learn to define meaningful KPIs, communicate risk to stakeholders, and turn complex data into clear action. You’ll begin by answering the important questions: What makes a “good” security metric? How can I align security with broader business objectives? What makes a robust data-driven security management program? Python scripts and Jupyter notebooks make collecting security data easy and help build real-time threat detection dashboards. You’ll even see how AI and machine learning can proactively predict cybersecurity incidents!

What's inside

• Improve your alert system using the ATLAS framework
• Elevate your organization’s security posture
• Statistical and ML techniques for threat detection
• Executive buy-in and strategic investment

About the reader

For readers familiar with the basics of cybersecurity and data analysis.

About the author

Mariano Mattei is a professor at Temple University and an information security professional with over 30 years of experience in cybersecurity and AI innovation.

Table of Contents

Part 1 Building the foundation
1 Introducing cybersecurity metrics
2 Cybersecurity analytics toolkit
3 Implementing a security metrics program
4 Integrating metrics into business strategy
Part 2 The metrics that matter
5 Establishing the foundation
6 Foundations of cyber risk
7 Protecting your assets
8 Continuous threat detection
9 Incident management and recovery
Part 3 Beyond the Advanced analytics, ma

352 pages, Paperback

Published September 9, 2025

Community Reviews

5 stars: 5 (100%)
4 stars: 0 (0%)
3 stars: 0 (0%)
2 stars: 0 (0%)
1 star: 0 (0%)
September 14, 2025
Introduction: Bridging the Gap Between Data and Defense
In the modern cybersecurity landscape, the challenge is no longer just about collecting data, but about transforming it into actionable intelligence. Mariano Mattei's Data-Driven Cybersecurity: Reducing Risk with Proven Metrics serves as a comprehensive and eminently practical guide to this very challenge. As a seasoned professional in Identity and Access Management (IAM), I find the book’s central thesis—that metrics are the language of business risk and operational effectiveness—to be both timely and critical. Mattei, with his extensive experience as a CISO and adjunct professor, successfully demystifies the process of creating, implementing, and sustaining a metrics program that aligns with strategic business objectives.
The book is logically structured into three parts: building the foundational program, identifying the most crucial metrics, and exploring advanced analytics with AI and machine learning. This structure guides the reader from basic principles to cutting-edge applications, making it accessible to seasoned leaders and aspiring analysts alike.
Part 1: Building the Foundation (Chapters 1-4)
The initial chapters lay the essential groundwork for any successful metrics program. Mattei begins by defining what constitutes an effective metric, distinguishing between traditional (reactive) and innovative (proactive) measures. He introduces the reader to key cybersecurity frameworks like NIST CSF, CIS Controls, and HITRUST, providing the necessary context for where metrics fit into established best practices.
For an IAM professional, Chapter 4, "Integrating Metrics into Business Strategy," is particularly resonant. We often struggle to articulate the value of IAM investments beyond mere operational efficiency. This chapter provides a clear roadmap for framing IAM metrics—such as time-to-provision, stale account remediation rates, or access certification completion—in terms of business value, risk reduction, and ROI. The introduction of the METRICS methodology (Measure, Evaluate, Threshold, Report, Improve, Communicate, and Sustain) in Chapter 3 offers a memorable and repeatable framework that is invaluable for program implementation.
Part 2: The Metrics That Matter (Chapters 5-9)
This section is the heart of the book, delving into specific metrics across the cybersecurity lifecycle, closely mirroring the functions of the NIST Cybersecurity Framework.
Governance and Risk (Chapters 5-6): Mattei correctly positions governance and risk management as the starting point. For IAM, this is fundamental. Policies, roles, and risk appetite defined here directly inform the design of access controls and identity lifecycle processes. The metrics discussed, such as the number of identified vs. addressed risks, provide a high-level view that justifies the need for robust IAM controls.
Protecting Assets (Chapter 7): This chapter is the most directly relevant to an IAM expert, and it delivers. Mattei dedicates a significant section to "Identity management, authentication, and access control." He provides a solid overview of core IAM principles, from the identity lifecycle and authentication methods (including MFA) to different access control models (DAC, MAC, RBAC, ABAC). The proposed metrics, such as the success/failure rate of authentication and incidents related to credential management, are foundational KPIs for any IAM program. While an IAM specialist might wish for a deeper dive into metrics for Privileged Access Management (PAM) or Identity Governance and Administration (IGA), the chapter provides an excellent and comprehensive introduction that correctly places IAM as a cornerstone of the "Protect" function.
Detection and Response (Chapters 8-9): These chapters are crucial for understanding how IAM plays a role in the complete security lifecycle. A compromised identity is often a key indicator in threat detection (Chapter 8) and a primary focus during incident response (Chapter 9). The metrics covered, such as Mean Time to Detect (MTTD) and Mean Time to Contain (MTTC), can often be traced back to an identity-related event. Mattei's introduction of the ATLAS (Alert Threshold Lifecycle Assessment System) methodology is a standout feature, offering a systematic way to reduce alert fatigue—a common problem when monitoring for anomalous access or credential misuse.
Part 3: Beyond the Basics (Chapters 10-13)
The final part of the book transitions from traditional metrics to the forward-looking world of advanced analytics, machine learning, and AI. This is where the book truly becomes "data-driven" in the modern sense.
Advanced Analytics and AI (Chapters 10-12): Mattei provides practical, code-based examples (in Python) for statistical analysis, machine learning models, and deep learning. From an IAM perspective, the sections on anomaly detection (using techniques like DBSCAN and Isolation Forest) are exceptionally valuable. These methods are the foundation for modern User and Entity Behavior Analytics (UEBA) platforms that can detect sophisticated threats like insider risks, account takeovers, or "impossible travel" scenarios. By providing the underlying statistical and ML concepts, Mattei empowers practitioners to not just use these tools, but to understand how they work.
Generative AI (Chapter 13): The final chapter on Generative AI is a timely addition. Mattei demonstrates how to use local LLMs (via LM Studio) to generate synthetic data for testing, analyze datasets, and even automate reporting. For IAM, this has immense potential. For example, one could generate synthetic identity data to test the scalability of a provisioning system or use an LLM to summarize complex access review reports for business managers, making the certification process more efficient.
Strengths and Final Verdict
Key Strengths:
* Practical and Actionable: The book is filled with real-world examples, dashboard mockups, and Python code snippets that readers can immediately adapt.
* Strong Business Alignment: Its greatest strength is the relentless focus on connecting technical metrics to business value and strategic goals.
* Comprehensive Scope: It masterfully covers the spectrum from foundational principles to advanced, AI-driven techniques.
* Methodology-Driven: The introduction of frameworks like METRICS and ATLAS provides structured, repeatable processes for readers to implement.
From an IAM Perspective:
The book does an excellent job of situating IAM within the broader cybersecurity ecosystem. It doesn't treat identity as a silo but as an integral component of governance, protection, detection, and response. The metrics discussed for IAM are foundational and essential for any program.
Recommendation
Data-Driven Cybersecurity is an essential resource for CISOs, security managers, and analysts who want to build a mature, effective, and business-aligned security program. It is particularly valuable for those looking to bridge the communication gap with executive leadership by using data to tell a compelling story about risk and resilience.
As an Identity and Access Management expert, I highly recommend this book. It provides the necessary context to ensure that IAM is not just an operational function, but a strategic enabler of security, measured and managed with the same rigor as any other critical business function. It is a well-crafted, insightful, and indispensable guide for the modern security professional.
October 18, 2025
I really enjoyed reading “Data Driven Cybersecurity” by Mariano Mattei. It’s one of those books that makes a complex topic feel approachable and practical. Instead of just talking about cyber threats in general terms, it actually shows you how to measure, track, and improve what matters most in security.

The book is well organized — it starts with the basics of building a solid foundation for metrics, then moves into real-world areas like risk, threat detection, and incident management. My favorite part is the last section, where it explores how AI and machine learning are changing the game for cybersecurity analytics.

What makes this book stand out is how it connects data-driven insights with real business value. It’s not just for data scientists — anyone in cybersecurity, from analysts to managers, can learn how to make smarter decisions backed by data. In short, this book bridges the gap between cybersecurity operations and data science. It’s practical, current, and visionary — a must-read for anyone looking to build a mature, data-driven security program.

If you’re looking to take a more structured, measurable approach to cybersecurity, this is an excellent read. Clear, relevant, and surprisingly engaging!