Are We Measuring the Right Things?

Security runs on metrics, but do those metrics reflect real risk?

In this episode of The Watchtower, Ash Hunt sits down with Wade Baker - co-founder of Cyentia Institute and longtime architect of the Verizon DBIR - to dismantle the cybersecurity metrics that feel right but consistently lead programs astray. They take down "average cost per breach," expose why MTTR makes security teams look great while 99% of their vulnerabilities sit untouched, and introduce the half-life metric that actually tracks risk. Plus: why metrics are weaponized more often than they're used, and how AI agents are (finally) democratizing rigorous risk quantification.