Jeffrey Wheatman

Jeffrey Wheatman

VP Analyst
Jeffrey Wheatman is a Research VP in Gartner Research, where Mr. Wheatman regularly advises clients on a wide range of security and IT risk management issues, with a focus on strategy, team building, metrics and reporting, communicating techniques and risk management. As an experienced analyst within Gartner's S&RM team, he works with senior security and risk management leaders to help them identify, assess and treat IT-related risks within their environments.
Read More Read Less
Monday, June 01, 2020 05:15 PM|Monday, June 01, 2020 05:45 PM
Five Steps to Creating a Simple Business-Aligned Cybersecurity Strategy

Everyone knows how important strategic planning is for success and yet it is an immense challenge … for pretty much everyone. Join us to learn a simple approach that can be used to create a simple story that links security program activities to business goals in a way the drives better decisions.
1. What makes a good strategy?
2. What kind of narratives work?
3. What does a sample strategy look like?

Tuesday, June 02, 2020 11:45 AM|Tuesday, June 02, 2020 12:15 PM
Risk Quantification Is a Fool’s Errand — Don’t Be a Fool

Security and risk leaders want to quantify risk. Our business stakeholders want us to quantify risk. What if it’s actually not possible. Maybe we should stop trying and instead focus on what we can do to talk about risk in a way that business stakeholders actually care about.
1. What do we mean by risk quantification?
2. Why doesn't risk quantification actually work?
3. What can we do instead?

Wednesday, June 03, 2020 05:15 PM|Wednesday, June 03, 2020 05:45 PM
When It Comes to Security Metrics, Context Is More Important Than Content

Useful and actionable security metrics continue to be elusive. Program leaders often share what they have rather than what they should. Maybe we have been going about it the wrong way. Maybe, the problem isn’t what you tell your stakeholders, but rather the way you tell them.
1. What are the biggest challenges in reporting security metrics?
2. Why context is more important than the actual metrics?
3. What can leaders do to provide the proper level of context and drive action?

Meet the experts face to face.