<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Metrics on null thøught</title><link>https://nullthought.dev/tags/metrics/</link><description>Recent content in Metrics on null thøught</description><generator>Hugo</generator><language>en-gb</language><lastBuildDate>Sun, 18 May 2025 00:00:00 +0000</lastBuildDate><atom:link href="https://nullthought.dev/tags/metrics/index.xml" rel="self" type="application/rss+xml"/><item><title>detection engineering: what matters and can you measure success?</title><link>https://nullthought.dev/posts/detection-engineering-what-matters-and-can-you-measure-success/</link><pubDate>Sun, 18 May 2025 00:00:00 +0000</pubDate><guid>https://nullthought.dev/posts/detection-engineering-what-matters-and-can-you-measure-success/</guid><description>&lt;h2 id="a-beginning">a beginning&lt;/h2>
&lt;p>I have been thinking lately about detection engineering. Specifically, I have been thinking about these two questions as they relate to a detection engineering program:&lt;/p>
&lt;ol>
&lt;li>What matters?&lt;/li>
&lt;li>Can you measure success?&lt;/li>
&lt;/ol>
&lt;p>I am not sure I have a good answer to either of these questions yet and there isn&amp;rsquo;t a lot of authoritative information out there. As far as I can tell, detection engineering is a somewhat specialised and relatively new field within cyber security. It seems like most organisations are doing their own thing and only sufficiently mature organisations appear to have dedicated detection engineering teams.&lt;/p></description></item></channel></rss>