Closing the Gaps: How We Reduced Our Managed Risk Score from 7.9 to 5.7 and Reached 100% Coverage

Posted on by Brian N

Cybersecurity & Operations Excellence.

In cybersecurity, numbers tell stories — but not the whole story.
The summer we dropped our Arctic Wolf Managed Risk Score from 7.9 to 5.7 and raised our Coverage Score from 70% to 100% wasn’t just about metrics. It was about culture, consistency, and the quiet discipline of doing the hard things every week.

The Call That Started It

It began with a phone call from Tawny, our CIO.

“Ed wants to start meeting weekly with senior and middle management,” she said.
“We’ll be discussing operational outcomes and productivity.”

Perfect. I already knew what I wanted to talk about: cybersecurity posture — my ongoing passion project.

At the time, our Arctic Wolf Managed Risk Dashboard displayed a Risk Score of 7.9.
That number bothered me. Not because it was terrible, but because I knew we could do better — much better.

So I made it my mission for the summer: reduce the risk score, increase the coverage score, and prove that continuous improvement could be operationalized.

Phase 1: Building a Culture Around Risk Awareness

You can’t improve what people don’t see.

The first step was awareness — making risk a shared language, not just a security metric. I started bringing the Arctic Wolf dashboard into every weekly management meeting.
Instead of burying security behind acronyms or compliance charts, I showed the score — like a golf handicap for our organization.

We talked about it. We owned it. And we made it everyone’s business.

From there, I worked one-on-one with teammates to reinforce the fundamentals:

  • Stronger password policies — encouraging rotation and complexity, not through enforcement, but through understanding the “why.”
  • End-user MFA expansion — bringing Zero Trust principles down to endpoints, not just perimeter systems.
  • Consistent patching cadence — the most overlooked, yet most effective defense mechanism we have.

Within weeks, conversations that used to be about “how fast can we fix this ticket” turned into “how do we prevent this risk in the first place?”

Phase 2: Turning Patching Into a Discipline

Let’s be honest — patching is the broccoli of IT. Everyone knows it’s good for you, but nobody gets excited about it.

Still, it was the biggest driver of our score reduction.

I started by aligning our process with Arctic Wolf’s vulnerability data. The platform highlighted which systems contributed the most to our overall risk score, so we prioritized those.

Then, we got systematic:

  • Windows Updates: Patch Tuesday became a sacred ritual.
  • Firmware: PowerStore appliances, network switches, firewalls — nothing was off-limits.
  • Open-Source Dependencies: Node.js, React, Python, MySQL, PostgreSQL — if it ran code, it got attention.

This wasn’t glamorous work. Updates broke things. Especially for our Data Science pipeline, which relied on Python, Hugging Face, and libraries that didn’t always play nicely with the latest patches.

But that friction was valuable. It revealed weak spots — the dusty corners of our infrastructure where “don’t touch it” had become policy.

We didn’t just patch systems; we patched habits.

Phase 3: Fighting the Resistance

Every security improvement has a social cost. When people’s workflows break, they push back.

To keep momentum, I had to balance empathy with persistence.
I made sure everyone understood why we were doing this: not to chase numbers, but to build resilience.

We also tracked small wins:

  • Vulnerabilities closed per week.
  • Systems that passed Arctic Wolf’s patch verification checks.
  • Improved Mean Time to Patch (MTTP) metrics.

The key was visibility and recognition. Every fix mattered, and every person who owned a system became part of the success story.

Phase 4: The Payoff

By late summer, the data spoke for itself.

  • Risk Score: 7.9 → 5.7
  • Coverage: 70% → 100%
  • Vulnerability count: Reduced by more than a third.

During our final weekly call, I shared the results with the team.
It wasn’t a corporate moment. It was a human one.

I thanked everyone for enduring the long patch cycles, the broken dependencies, and the late-night fixes. We had done what most organizations talk about but rarely sustain — we built a living culture of continuous improvement.

And the Arctic Wolf dashboard proved it.

What Made the Difference

If I had to summarize the “secret,” it wasn’t technology. It was consistency.

The pattern was simple:

  1. Measure: Start with the data you already have.
  2. Prioritize: Attack the biggest, easiest wins first.
  3. Automate where possible, but never stop auditing manually.
  4. Communicate progress weekly.
  5. Celebrate small victories.

Each week’s improvement reinforced the next. By the end, patching wasn’t a task — it was a reflex.

Lessons Learned

  1. Culture eats configuration for breakfast.
    You can’t script your way to better security posture. It takes buy-in and shared ownership.
  2. Visibility changes behavior.
    When people see the risk score drop — and know why — accountability becomes contagious.
  3. Continuous improvement > one-time hardening.
    The goal isn’t to be “secure.” The goal is to be getting more secure every week.
  4. Metrics are the mirror, not the mission.
    The Arctic Wolf dashboard was a reflection of our habits, not the source of them.

From Passion Project to Operational Model

What started as a personal goal turned into an operational framework we now use across multiple disciplines — patching, backups, data hygiene, and even cost optimization.

Because the truth is, cybersecurity improvement isn’t separate from business improvement. It’s the same muscle: discipline, iteration, and resilience.

That summer proved something I’d been saying for years:

“You can’t have security and convenience. But you can build habits that make security feel natural.”

Closing Thoughts

Our 7.9-to-5.7 journey wasn’t a one-time victory. It was the start of a mindset:
to treat cybersecurity as a living system — something you feed, monitor, and prune regularly.

When we hit 100% coverage, I didn’t feel finished. I felt responsible to keep it there.
Because risk never sleeps, and the score only matters if it drives change.

So if you’re leading a team, managing infrastructure, or just trying to move the needle, here’s what I’d say:

Start with what you can measure. Improve what you can control. And never stop patching — your systems or your habits.

Leave a comment

Brian N's avatar
I am a storage administrator, system administrator, network administrator, infrastructure architect, end user, novice programmer and I work in IT.