Why Cybersecurity Risk Scores Fail CISOs
Security Boulevard Podcast • 35m
What does a cybersecurity score of 76 actually mean?
In this episode of Security Boulevard, the panel takes aim at one of the most persistent problems in cybersecurity: reducing complex risk into a single number on a dashboard. Tom Hollingsworth, Fernando Montenegro and Jay Cuthrell unpack why so many security scores lack context, create false precision and often mislead the very executives they are supposed to inform.
The discussion explores the flaws in overly simplified risk scoring models, the dangers of color-coded dashboards, and why metrics like CVSS often fail without business and environmental context. The panel also looks at the difference between proprietary “secret sauce” scoring systems and more defensible approaches to risk quantification, including frameworks like FAIR.
From misleading executive dashboards to the real challenge of communicating cyber risk in business terms, this episode is a sharp look at why security metrics need more than a number.