INSIGHTS | October 20, 2025

IOActive Guest Webinar | Urban Jonson, CISSP | Advancing Cybersecurity Programs: Lessons from TARA Process Evaluation

Download the Deck to Follow Along

Abstract

Cybersecurity programs are under increasing pressure to demonstrate measurable efficacy, deliver value, and align with governance expectations—while operating under tight cost constraints. Return on Spend (ROS) and Return on Security Investment (ROSI) have become essential metrics for justifying and sustaining initiatives. This presentation evaluates program performance through the lens of Threat Analysis and Risk Assessment (TARA), drawing on insights from surveys of OEMs, Tier 1 suppliers, tool providers, regulators, fleets, and industry experts.

The study highlights recurring challenges of consistency, quality, and organizational maturity that limit the effectiveness of TARAs, often preventing them from functioning as true safety-critical safeguards. By applying proven process improvement disciplines, such as Lean, Six Sigma, and business process modeling, organizations can modernize their workflows, align with governance objectives, reduce costs, and enhance continuous risk management.

Attendees will gain practical strategies for improving program governance, leveraging performance metrics, and optimizing processes to maximize the ROI of cybersecurity operations. The objective is clear: deliver faster, smarter, and more resilient cybersecurity that drives both safety and business value across the ecosystem.

About the Presenter

Urban Jonson is a co-founder of SERJON (www.serjon.com) and a frequent collaborator with IOActive. Urban is a cybersecurity industry leader and serves in multiple advisory roles, including SAE International, TMC, ESCAR USA, CyberTruck Challenge, and as a cybersecurity expert for FBI InfraGard and the FBI Automotive Sector Working Group.

Additional Resources:

Contact IOActive