Podcast: The Cyber Defense Matrix

by

 

In 2020, Security Magazine listed Sounil Yu as one of the most Influential People in Security, in part because of his work on the Cyber Defense Matrix, a framework for understanding and navigating your cybersecurity environments. The Cyber Defense Matrix  started as a project when Sounil was the Chief Security Scientist at Bank of America. The initial problem he focused on with the matrix was how to evaluate and categorize vendors and the solutions they provided. 

The Cyber Defense Matrix is a structured framework that allows a company to understand who their vendors are, what they do, how they work along side one another, what problem they profess to solve, and ultimately to find gaps in the company's portfolio of capabilities. In the seven years Sounil has been working on the project, he has developed use cases that make the Cyber Defense Matrix practical for purposes such as rationalizing technology purchases, defining metrics and measurements, and identifying control gaps and opportunities. The matrix has been adopted by the OWASP Foundation as a community project. Elements of the matrix have been incorporated into the Center for Internet Security's (CIS) Top 20 Critical Security Controls

I talked with Sounil to hear how the project was going, what his plans are for the future of the matrix, and what help he can use from the community for expanding its usefulness. 

About Sounil Yu

Before Sounil Yu joined JupiterOne as CISO and Head of Research, he was the CISO-in-Residence for YL Ventures, where he worked closely with aspiring entrepreneurs to validate their startup ideas and develop approaches for hard problems in cybersecurity. Prior to that role, Yu served at Bank of America as their Chief Security Scientist and at Booz Allen Hamilton where he helped improve security at several Fortune 100 companies and government agencies.

Resources

 

 

People | Process | Technology Podcast · The Cyber D

Sounil Yu
Sounil Yu

Before Sounil Yu joined JupiterOne as CISO and Head of Research, he was the CISO-in-Residence for YL Ventures, where he worked closely with aspiring entrepreneurs to validate their startup ideas and develop approaches for hard problems in cybersecurity. Prior to that role, Yu served at Bank of America as their Chief Security Scientist and at Booz Allen Hamilton where he helped improve security at several Fortune 100 companies and government agencies.

Keep Reading

Closing the Software Supply Chain Risk | JupiterOne
August 14, 2025
Blog
Closing the Software Supply Chain Risk

JupiterOne turns SBOMs into living intelligence—automated, enriched, and actionable to cut software supply chain risk fast.

5 Essential Tips for Using JupiterOne MCP Server | JupiterOne
August 12, 2025
Blog
5 Essential Tips for Using JupiterOne MCP Server

Discover 5 key tips for using JupiterOne MCP to automate risk insights, build dashboards, and streamline security with natural language prompts.

Launching the JupiterOne MCP Server: Supercharging Agentic AI for Security-First Enterprises | JupiterOne
July 28, 2025
Blog
Launching the JupiterOne MCP Server: Supercharging Agentic AI for Security-First Enterprises

The JupiterOne MCP Server helps security teams operationalize agentic AI—connecting models to live context, tools, and data without rebuilding your stack.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.

15 Mar 2022
Blog
One line headline, one line headline

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud eiut.