Podcast: The Cyber Defense Matrix

April 21, 2021
by
Sounil Yu

 

In 2020, Security Magazine listed Sounil Yu as one of the most Influential People in Security, in part because of his work on the Cyber Defense Matrix, a framework for understanding and navigating your cybersecurity environments. The Cyber Defense Matrix  started as a project when Sounil was the Chief Security Scientist at Bank of America. The initial problem he focused on with the matrix was how to evaluate and categorize vendors and the solutions they provided. 

The Cyber Defense Matrix is a structured framework that allows a company to understand who their vendors are, what they do, how they work along side one another, what problem they profess to solve, and ultimately to find gaps in the company's portfolio of capabilities. In the seven years Sounil has been working on the project, he has developed use cases that make the Cyber Defense Matrix practical for purposes such as rationalizing technology purchases, defining metrics and measurements, and identifying control gaps and opportunities. The matrix has been adopted by the OWASP Foundation as a community project. Elements of the matrix have been incorporated into the Center for Internet Security's (CIS) Top 20 Critical Security Controls

I talked with Sounil to hear how the project was going, what his plans are for the future of the matrix, and what help he can use from the community for expanding its usefulness. 

About Sounil Yu

Before Sounil Yu joined JupiterOne as CISO and Head of Research, he was the CISO-in-Residence for YL Ventures, where he worked closely with aspiring entrepreneurs to validate their startup ideas and develop approaches for hard problems in cybersecurity. Prior to that role, Yu served at Bank of America as their Chief Security Scientist and at Booz Allen Hamilton where he helped improve security at several Fortune 100 companies and government agencies.

Resources

 

 

People | Process | Technology Podcast · The Cyber D

Sounil Yu
Sounil Yu

Before Sounil Yu joined JupiterOne as CISO and Head of Research, he was the CISO-in-Residence for YL Ventures, where he worked closely with aspiring entrepreneurs to validate their startup ideas and develop approaches for hard problems in cybersecurity. Prior to that role, Yu served at Bank of America as their Chief Security Scientist and at Booz Allen Hamilton where he helped improve security at several Fortune 100 companies and government agencies.

More blog posts by
Sounil Yu

SUBSCRIBE TO OUR NEWSLETTER

Stay up-to-date on emerging threats and security news

  • Checkmark
    Day-zero vulnerabilities & solutions
  • Checkmark
    Best practices for asset management
  • Checkmark
    Streamlining compliance and audit
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Keep Reading

The Vulnerability Management Industrial Complex | JupiterOne
May 13, 2026
Blog
The Vulnerability Management Industrial Complex

In 2020, average time to remediate a vulnerability was 171 days. Today it's 252 — and AI just collapsed time-to-exploit to nine hours. A long-form argument that the V

AI Agents Have Keys to the Kingdom | JupiterOne
May 13, 2026
Blog
Your AI Agents Have Keys to the Kingdom. Do You Know Which Ones?

AI agents authenticate as service accounts but reason like employees — and most security teams can't see the difference. Here's why JupiterOne built AI Attack Surface

Meet the New JupiterOne: AI ASM + UVM Launch | JupiterOne
May 13, 2026
Blog
SAY HI TO THE NEW JUPITERONE AND OUR NEW PRODUCTS

Today we're launching the new JupiterOne — a refreshed AI Risk Management Platform plus two products our customers asked us to build: AI Attack Surface Management and

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

Product

Platform
AI Attack Surface Management
Unified Vulnerability Management
Continuous Controls Monitoring
Integrations

Community

Community
Support
Questions library
Documentation

Resources

Resources
Case studies
Blog
Books & reports
Events

Legal

Legal & Security
Terms of Use
Privacy Policy

Company

Company
Contact
Careers
Press kit
Partners

Copyright © JupiterOne 2026. All rights reserved.