Seeking Security Alpha

In December 2019, we published the Top 11 Habits of Effective CISOs, which provided our perspective on the habits that resulted in effective cybersecurity programs. One of the habits we identified was Seeking Security Alpha.

In cybersecurity, it has long been assumed that the attacker has the advantage and that defenders must deploy a disproportionate amount of resources (time, money, etc.) even to try to maintain some parity.

In the financial industry, the term “seeking alpha” describes investment managers looking to exceed standard performance on a risk-adjusted basis. Recent work by the New York Cyber Task Force implies that CISOs can seek security alpha as well: that is, spend a dollar on defense that causes an attacker to spend a disproportionate amount on offense.

In seeking security alpha, you should be deploying strategies and solutions that increase the cost to the attacker and provide you with maximum security return-on-investment for the threats and risks your organization faces.

In this piece, we’ve conducted interviews with two successful CISOs to provide insight into how they view security alpha issues. Mark Weatherford is a highly experienced and successful CISO who has worked in the public sector at both the state and federal level and also as a CISO for multi-billion dollar commercial organizations. Our Global FS CISO currently works as the Global CISO at one of the largest financial services firms in the world and has 25 years of experience working on cybersecurity and risk management issues.

Their responses provide direct insight into how they work to improve the ROI of their program and increase attacker cost.

OODA: Are there any particular strategies that you’ve used to increase your ROI for all or parts of your cybersecurity spend?

Global FS CISO:  Conceptually, working for a bank that’s a leader…

Matt Devost

Matthew G. Devost is the CEO & Co-Founder of OODA LLC. Matt is a technologist, entrepreneur, and international security expert specializing in counterterrorism, critical infrastructure protection, intelligence, risk management and cyber-security issues. Matt co-founded the cyber security consultancy FusionX from 2010-2017. Matt was President & CEO of the Terrorism Research Center/Total Intel from 1996-2009. For a full bio, please see www.devost.net