Boards want numbers, not narrative. The metrics that work: incidents per quarter by severity (trend), mean time to detect, MTTD (trend), mean time to respond, MTTR (trend), bug-bounty findings (trend), open regulator MRAs (Matters Requiring Attention; target zero), training completion rate, third-party assessments completed per quarter, and percentage of features with completed threat models. Each is either a leading or a lagging indicator; together they tell whether the program is healthy.
Recommendation: ship a one-page security scorecard quarterly: 8 metrics with trends, a RAG (red/amber/green) status for each, and one paragraph of commentary. The CFO understands it because it looks like a P&L. The CEO understands it because it has trends. The board understands it because it's bounded to one page.
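The sketch below is an added example, not part of the original lesson: it computes two of the scorecard rows (MTTD and MTTR) per quarter from incident records and attaches a RAG status and a quarter-over-quarter trend. The record layout, the sample incidents, the RAG thresholds and the definitions used (MTTD as occurred to detected, MTTR as detected to resolved) are assumptions.

```python
from datetime import datetime
from statistics import mean

# Constructed sample incidents: (severity, occurred, detected, resolved).
INCIDENTS = [
    ("high", "2024-01-10T08:00", "2024-01-10T20:00", "2024-01-11T20:00"),
    ("low",  "2024-02-03T09:00", "2024-02-04T09:00", "2024-02-04T21:00"),
    ("high", "2024-04-15T10:00", "2024-04-15T16:00", "2024-04-16T04:00"),
    ("low",  "2024-05-20T12:00", "2024-05-20T18:00", "2024-05-21T00:00"),
    ("low",  "2024-06-01T00:00", "2024-06-01T06:00", None),  # still open
]

# Assumed RAG thresholds in hours (green_max, amber_max); set per your risk appetite.
THRESHOLDS = {"mttd_h": (8, 24), "mttr_h": (12, 48)}

def _hours(start, end):
    return (datetime.fromisoformat(end) - datetime.fromisoformat(start)).total_seconds() / 3600

def quarter_of(ts):
    d = datetime.fromisoformat(ts)
    return f"{d.year}-Q{(d.month - 1) // 3 + 1}"

def rag(metric, value):
    green_max, amber_max = THRESHOLDS[metric]
    return "green" if value <= green_max else "amber" if value <= amber_max else "red"

def scorecard(incidents):
    """Per-quarter MTTD (occurred->detected) and MTTR (detected->resolved), with RAG and trend."""
    by_q = {}
    for sev, occurred, detected, resolved in incidents:
        by_q.setdefault(quarter_of(detected), []).append((sev, occurred, detected, resolved))
    rows, prev = {}, None
    for q in sorted(by_q):
        items = by_q[q]
        closed = [i for i in items if i[3]]  # open incidents are excluded from MTTR
        row = {
            "incidents": {s: sum(1 for i in items if i[0] == s) for s in ("high", "low")},
            "open": len(items) - len(closed),
            "mttd_h": mean(_hours(i[1], i[2]) for i in items),
            "mttr_h": mean(_hours(i[2], i[3]) for i in closed) if closed else None,
        }
        for m in ("mttd_h", "mttr_h"):
            v = row[m]
            row[m + "_rag"] = rag(m, v) if v is not None else "n/a"
            p = prev[m] if prev else None
            row[m + "_trend"] = "n/a" if v is None or p is None else (
                "improving" if v < p else "worsening" if v > p else "flat")
        rows[q], prev = row, row
    return rows
```

Reporting the open count alongside MTTR matters because excluding unresolved incidents makes the mean look better than the quarter actually was.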
Use these three prompts in order. Each builds on the one before.
In one paragraph, list five security metrics for a fintech board.
Walk me through computing MTTD and MTTR.
Design a security scorecard for a Series-D fintech.