Gartner Expert

Paul E. Proctor

Distinguished VP Analyst

Paul Proctor is a VP and Distinguished Analyst, and former Chief of Research for Risk and Security at Gartner. He leads CIO research for technology risk, cybersecurity and digital business measurement. Mr. Proctor advises CIOs, executives and boards to manage risk and balance the needs to protect with the needs to run their business. Mr. Proctor's coverage includes board reporting, outcome-driven metrics, risk management, the Cybersecurity Business Value Benchmark, and digital business transformation. His groundbreaking research in risk, value, and cost (RVC) management helps organizations prioritize and invest in the readiness of technology to support their business and mission outcomes. His work on cybersecurity as a business decision helps organizations prioritize and invest in cyber through protection level agreements (PLA) and outcome-driven metrics (ODM). In 2016, he was appointed to the University of California Cyber Risk Advisory Board by former Secretary of Homeland Security and UC President, Janet Napolitano.

Previous experience

Mr. Proctor has been involved in various aspects of risk management and the business value of IT since 1985. He was the founder and CTO of two technology companies and developed first and second-generation host-based intrusion-detection technologies. He is a recognized expert in the fields of risk management, information security, and associated regulatory compliance issues. He has authored two books published by Prentice Hall. He was recognized for his expertise by being appointed to the original Telecommunications Infrastructure Protection working group used by Congress to understand critical infrastructure protection issues prior to the terrorist attack of 11th September. Previously, he worked for SAIC, Centrax, CyberSafe, Network Flight Recorder, and Practical Security.

Professional background

SAIC

Engineering Manager

Centrax

Founder and Chief Technology Officer

CyberSafe

Chief Technology Officer

Areas of coverage

Gartner Research Board for Global CIOs

IT Cost Optimization, Finance, Risk and Value

Executive Leadership: Digital Business

Executive Leadership: Strategic Risk Management

CIO Executive Leadership Development

Education

B.S., Mathematics/Computer Science, University of Illinois

Read More Read Less

Top Issues That I Help Clients Address

1CIOs treating cybersecurity as a business decision/investment

2Developing outcome-driven metrics to manage risk, value, and cost

3Linking risk management to corporate performance

4Measuring digital business transformation through KPIs

5Board-level reporting for security and risk

Latest blog posts

What Cybersecurity Metrics Should I Report to My Board?

April 18 2022

Read Now

Benchmarking Cybersecurity Value Delivery

April 18 2022

Read Now

Value is Missing in Executive Communication on Cybersecurity

April 18 2022

Read Now

The Three Unanswered Board Questions That Drive Cybersecurity Investment

April 18 2022

Read Now

Use Value to Govern Cybersecurity as a Business Investment

April 06 2022

Read Now

Cybersecurity as a Business Decision: A Manifesto

March 28 2022

Read Now

NO! Organizations Should NOT Bake Ransomware Payments Into Their Business Models

May 14 2021

Read Now

Sony Pictures Hack: Advice-apalooza

January 04 2015

Read Now

People-Centric Security Can Help Limit Sony-esque Damage

January 03 2015

Read Now

Stop Picking on Sony Security over North Korea Hack

December 09 2014

Read Now

Is the Internet Already Secure Enough?

October 02 2014

Read Now

Gartner GRC Reset: And the Vendors are…

September 08 2014

Read Now

View
  • 1
of 1

Latest research and insights

Research

The Gartner Cybersecurity Business Value Benchmark, First Generation

Learn More

Purchase Research

IT for Sustainable Growth: Insights From the 2022 Gartner IT Symposium/Xpo Keynote

Buy Now

Research

Govern Cybersecurity as a Business Decision

Learn More