Anyone have any good references on developing cybersecurity metrics? Articles, Books, Seminars or Videos? Also hearing any personal experiences in metric development, implementation and tracking would be helpful.
Recently @TrickyDicky and I put together a blog on Metrics:
Not sure if that will help or not.
one of the first places i'll start with beside NIST and CISA is CSA - https://cloudsecurityalliance.org/ it is also part of the CCSP certification and has lots of cloud based knoeldge