soc30 / lms
connected
back to day 29
WEEK_4 · DAY_29 · LAB

Lab 29 — Build a CISO Dashboard

What the CISO actually wants to see

LAB PROGRESS0/4 steps · 0%

Lab Objectives

  • Define MTTD, MTTR, alert volume, FP rate, dwell time
  • Build a CISO dashboard in ES
  • Differentiate operational metrics vs strategic outcomes
  • Communicate SOC value in business terms

Lab Instructions

  1. 1
    Open Splunk ES → Security Posture.
  2. 2
    Identify the 4 KPIs the CISO cares about most.
  3. 3
    Sketch a dashboard: 4 KPI tiles (current + 30d trend) + 1 risk heatmap + 1 incidents-by-month.
  4. 4
    Convert each KPI to a business outcome statement.
← LAB 28
Lab 28 — Cloud Detection
LAB 30
Lab 30 — CAPSTONE