Gartner Expert

Paul E. Proctor

Distinguished VP Analyst

Paul Proctor is a VP and Distinguished Analyst, and former Chief of Research for Risk and Security at Gartner. He leads CIO research for technology risk, cybersecurity and digital business measurement. Mr. Proctor advises CIOs, executives and boards to manage risk and balance the needs to protect with the needs to run their business. Mr. Proctor's coverage includes board reporting, outcome-driven metrics, risk management, the Cybersecurity Business Value Benchmark, and digital business transformation. His groundbreaking research in risk, value, and cost (RVC) management helps organizations prioritize and invest in the readiness of technology to support their business and mission outcomes. His work on cybersecurity as a business decision helps organizations prioritize and invest in cyber through protection level agreements (PLA) and outcome-driven metrics (ODM). In 2016, he was appointed to the University of California Cyber Risk Advisory Board by former Secretary of Homeland Security and UC President, Janet Napolitano.

Previous experience

Mr. Proctor has been involved in various aspects of risk management and the business value of IT since 1985. He was the founder and CTO of two technology companies and developed first and second-generation host-based intrusion-detection technologies. He is a recognized expert in the fields of risk management, information security, and associated regulatory compliance issues. He has authored two books published by Prentice Hall. He was recognized for his expertise by being appointed to the original Telecommunications Infrastructure Protection working group used by Congress to understand critical infrastructure protection issues prior to the terrorist attack of 11th September. Previously, he worked for SAIC, Centrax, CyberSafe, Network Flight Recorder, and Practical Security.

Professional background

SAIC

Engineering Manager

Centrax

Founder and Chief Technology Officer

CyberSafe

Chief Technology Officer

Areas of coverage

Gartner Research Board for Global CIOs

Technology Finance, Risk and Value Management

Executive Leadership: Digital Business

Executive Leadership: Strategic Risk Management

CIO Executive Leadership Development

Education

B.S., Mathematics/Computer Science, University of Illinois

Read More Read Less

Top Issues That I Help Clients Address

1CIOs treating cybersecurity as a business decision/investment

2Developing outcome-driven metrics to manage risk, value, and cost

3Linking risk management to corporate performance

4Measuring digital business transformation through KPIs

5Board-level reporting for security and risk

Latest blog posts

16 Metrics to Transform Cybersecurity Measurement, Reporting, and Investment

May 22 2023

Read Now

The Gartner Cybersecurity Business Value Benchmark

May 22 2023

Read Now

Cybersecurity Spending Does Not Equal Protection

February 12 2023

Read Now

What Cybersecurity Metrics Should I Report to My Board?

April 18 2022

Read Now

Benchmarking Cybersecurity Value Delivery

April 18 2022

Read Now

Value is Missing in Executive Communication on Cybersecurity

April 18 2022

Read Now

The Three Unanswered Board Questions That Drive Cybersecurity Investment

April 18 2022

Read Now

Use Value to Govern Cybersecurity as a Business Investment

April 06 2022

Read Now

Cybersecurity as a Business Decision: A Manifesto

March 28 2022

Read Now

NO! Organizations Should NOT Bake Ransomware Payments Into Their Business Models

May 14 2021

Read Now

View
  • 1
of 1

Latest research and insights

Purchase Research

Use Outcome-Driven Metrics to Drive Value for Identity and Access Management

Buy Now

Research

Stop Performing Cybersecurity Theater: It Is No Longer Scaling

Learn More

Research

Quick Answer: What Is a Cybersecurity Outcome-Driven Metric?

Learn More