Getting Started with Information Security Metrics for 27K (G14) Gary has extensive practical experience of information security, having worked in, managed and provided consultancy support to information security and IT audit functions for large multinationals in financial services, pharmaceuticals, civil & military aerospace and high technology industries for more than 25 years. He has specified, designed, tested, implemented, operated, managed and reviewed all sorts of information security controls. Through the innovative information security awareness service, NoticeBored, he proactively researches and debunks all sorts of information security topics for global customers. Through ISO27001security.com, Gary supports a global community of users of the ISO27k Information Security Management Systems standards. In conjunction with Krag Brotby, Gary brought common sense to security metrics through PRAGMATIC Security Metrics.