The Cyber Defense Matrix

Written by Sounil Yu, and with forewords by security industry luminaries Dan Geer and Wendy Nather, the Cyber Defense Matrix eBook helps practitioners, vendors, and investors understand the range of capabilities needed to build, manage, and operate a security program.

To defend their assets, organizations need a clear way to identify security gaps and the tools available to address them.

Created by Sounil Yu, former Chief Security Scientist at Bank of America and current CISO and Head of Research at JupiterOne, the Cyber Defense Matrix brings order and organization to the cybersecurity landscape.

Simple in form, easy to grasp, and highly versatile, the matrix is already helping organizations from the Fortune 500 to top government agencies strengthen protection against rising cybersecurity threats.

  • CISOs can gain at-a-glance visibility into security strategy execution, prioritize investments, and communicate more effectively with executive leadership
  • Security engineering can quickly identify gaps in security controls, decipher vendor jargon, and better align needs with solutions
  • Security operations can clarify organizational responsibilities and verify that security processes are fully supported with effective technologies
  • Cloud security can incorporate third-party service providers into a comprehensive view of assets and security responsibilities to ensure seamless handoffs and avoid gaps

Learn how to apply the Cyber Defense Matrix in your work in this comprehensive guide—and bring new insight to the critical cybersecurity space.

Screen Shot 2022-06-15 at 9.50.41 AM

Praise for the Cyber Defense Matrix

“Exceptional read and "go to" reference! Bravo!”
- Pamela Fusco, CISO at Splunk

“Cybersecurity is the most challenging intellectual profession on the planet; however you approach it, your methods, your process has to be reliably stable (and straightforward) in the face of technologic ferment and sentient opponents. Start here.”
- Dan Geer, CISO at In-Q-Tel

“With Sounil Yu’s Cyber Defense Matrix, not only does this tool have a blunt end and a sharp end (for very high-level strategic discussions as well as nit-picky dissections of technical functionality), but it can telescope to different dimensions to encompass who owns a function or asset, who is responsible for handoffs in a process flow, and where risks have externalities.”
- Wendy Nather, Head of Advisor CISOs, Cisco

"Sounil's classification system helps both security leaders and investors alike understand the true value and operational potential of cybersecurity solutions, providing much-needed guidance for making responsibly informed decisions around highly technical and often overlapping products. At YL Ventures, we had the pleasure of watching Sounil put his system into practice to not only better appreciate the ideas that come our way, but to also critically sharpen our portfolio companies' value propositions and communications with customers!"
- Yoav Leitersdorf, YL Ventures

“Cybersecurity has become too complex — chaotic even. The Cyber Defense Matrix helps break through the noise, offering a clear understanding of how our assets relate to one another and reinforcing our ability to gain deeper structural and situational awareness.”
- Erkang Zheng, Founder and CEO of JupiterOne

“The Cyber Defense Matrix is an important strategic tool to help CISOs implement a high confidence security program.”
- Bryan Ware, former Assistant Director for Cybersecurity at DHS CISA

The Cyber Defense Matrix is the first comprehensive security framework that actually works. Having applied the matrix for years since hearing about it from Sounil, it is the only one that hasn’t gotten overly complicated with use. I highly recommend it to anyone (practitioners, entrepreneurs, investors) as a way to rationalize the exponential growth in security innovation.”
- Will Lin, Managing Director and Founding Member at Forgepoint Capital

“The Cyber Defense Matrix has become an indispensable part of my journalism toolkit. It’s a perfect framework to help cut through vendor hype to determine product and technology usefulness.”
- Ryan Naraine, Editor-at-Large, SecurityWeek and host of Security Conversations podcast

“I liken the Cyber Defense Matrix to the periodic table of security. It defines and explains how security program elements work together. It should become the standard for security communications - particularly when rationalizing our efforts to security outsiders who see security as a cryptic black hole or bottomless money pit with questionable ROI.”
- Richard Seiersen, author of How to Measure Anything in Cybersecurity Risk and the Metrics Manifesto

“Free your mind! Red/Blue/Purple pill… SEE the Matrix; transcend the noise, unlock critical thinking & progress. Sounil’s Rosetta Stone is ONLY the beginning.”
- Josh Corman, Cyber [Strategist | Philosopher | Educator | Provocateur | Policy Catalyst | Futurist]