Master the framework that helps security teams classify, organize, and advance their cybersecurity capabilities.
Created by Sounil Yu, the Cyber Defense Matrix maps 5 operational functions from the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover) against 5 asset classes (Devices, Applications, Networks, Data, Users) to create a comprehensive 25-cell grid that captures the entire landscape of cybersecurity.
25 cells covering all security domains
Built on the NIST Cybersecurity Framework
Map any tool to the framework
Official website by Sounil Yu with the original framework documentation.
The foundational framework that defines Identify, Protect, Detect, Respond, Recover.
Video playlist by Sounil Yu explaining the CDM framework, its applications, and how to use it.
“Cybersecurity has become too complex — chaotic even. The Cyber Defense Matrix helps break through the noise, offering a clear understanding of how our assets relate to one another and reinforcing our ability to gain deeper structural and situational awareness.”
Erkang Zheng
Founder and CEO at JupiterOne
“One of the most difficult things in the ever burgeoning space that is Cyber Security, is understanding and mapping the myriad products that are shotgunned across the solution landscape. Harder yet, determining where, when, how and why to invest, as products evolve over their lifecycle and often become features not markets becomes critical lest you enjoy the ‘no vendor left behind’ strategy of product deployment. The Cyber Defense Matrix brings rigor, sanity and a structure to these problems. Fail to use it at your peril!”
Bryan Ware
Former Assistant Director for Cybersecurity at DHS CISA
“Free your mind! Red/Blue/Purple pill… SEE the Matrix, transcend the noise, unlock critical thinking & progress. Sounil's Rosetta Stone is ONLY the beginning.”
Christofer Hoff
Security Elist
“The Cyber Defense Matrix is the first comprehensive security framework that actually works. Having applied the matrix for years since hearing about it from Sounil, it is the only one that hasn't gotten overly complicated with use. I highly recommend it to anyone (practitioners, entrepreneurs, investors) as a way to rationalize the exponential growth in security innovation.”
Will Lin
Managing Director and Founding Member at Forgepoint Capital
“The Cyber Defense Matrix has become an indispensable part of my journalism toolkit. It's a perfect framework to help cut through vendor hype to determine product and technology usefulness.”
Ryan Naraine
Editor-at-Large, SecurityWeek and host of Security Conversations podcast
“I liken the Cyber Defense Matrix to the periodic table of security. It defines and explains how security program elements work together. It should become the standard for security communications — particularly when rationalizing our efforts to security outsiders who see security as a cryptic black hole or bottomless money pit with questionable ROI.”
Richard Seiersen
Author of How to Measure Anything in Cybersecurity Risk and the Metrics Manifesto