Trying to keep within the remit of general information security. I’d be interested in reading about how to respond to incidents and what can subsequently be learnt from them, and how to deal with insider threats.
Metrics to measure the effectiveness of a security program. For instance, I find the number of spam messages blocked to be a poor metric that’s more about big numbers in a chart than any meaningful representation of how the organization is reducing risk or saving money. Good metrics are things like measuring the number of incidents detected internally vs. by customers, attack vectors, time to respond to an incident, time to close out an incident, lag time for remediating vulnerabilities, etc.