This podcast explores cybersecurity through use-inspired and data-driven research. Join hosts Jay and Wade as they discuss topics with those who work to find incredible insights, tell awesome data-driven stories and are willing to share their work with the larger community.
Cyentia Institute: Cybersecurity and Data Science
Wade and Ben give Jay a "behind the scenes" look at the survey creation, collection, analysis and all the other work that went into the Cisco Security Outcomes Study that was released early December, 2020. https://blogs.cisco.com/security/introducing-the-new-cisco-security-outcomes-study
Jay, Wade, David and Ben get a little philosophical as they talk about vulnerability management and the new research included in Kenna's latest volume of the Prioritization to Prediction series. That research looks at the timeline and lifecycle of vulnerabilities: How quickly do patches come out? How quickly are CVEs published? When do vulnerability scanners start reporting, and when do organizations start patching? All volumes (including the 6th volume discussed here) can be retrieved from https://www.kennasecurity.com/resources/prioritization-to-prediction-reports/
David, Jay, Ben and Wade discuss their recent research into extreme security events made possible by Visible Risk. The group discusses the takeaways and the various elements that stood out from the research. The research is freely available at https://www.cyentia.com/iris/
Chris Eng joins David, Ben and Jay to talk about Volume 11 of Veracode's State of Software Security. But rather than focusing on the various statistics, they focused on time-to-fix and how the various attributes of the development teams, applications and development environments affect the remediation timelines. https://www.veracode.com/state-of-software-security-report
In this "PhD Edition" of the Cyentia Podcast, Wade and Ben discuss recently published research examining the significance of companies exposing unsafe services to the Internet.
Our regular library update covering recent additions including cybersecurity research from the ITU, Sonatype, Tenable, and more. This is the audiobook companion to our regular library update newsletter. For the newsletter sign up at https://bit.ly/cyentialibrary. As always, you can find the library at https://library.cyentia.com.
Our regular library update covering recent additions including research from the ITU, Sonatype, Tenable, and more. This is the audiobook companion to our regular library update newsletter. For the newsletter sign up at https://bit.ly/cyentialibrary. As always, you can find the library at https://library.cyentia.com.
Our regular library update covering recent additions including research from Crypsis, RiskRecon, IBM, and more. This is the audiobook companion to our regular library update newsletter. For the newsletter sign up at https://bit.ly/cyentialibrary. As always, you can find the library at https://library.cyentia.com.
Our first library update covering recent additions including research from HackerOne and Bugcrowd, ESI ThoughtLab, Audit Analytics, Hiscox and Snyk. This is the audiobook version of what we share in the library newsletter. For the newsletter sign up at https://bit.ly/cyentialibrary. As always, you can find the library at https://library.cyentia.com.
The Cyentia Library has been overhauled and the new and improved library has been released at https://library.cyentia.com/. David has done quite a bit of work on the back end (and front end) to get this working and he's joined by Ben, Wade and Jay to talk all about the new library site. When visiting the Cyentia Library, be sure to sign up for the Library newsletter, a low-volume (estimated at once every two weeks) series of updates highlighting new content and features of the library, delivered direct to your inbox!
Ben, Jay, David and Wade discuss the state of Open Source Software Security and focus on recent research we helped produce with Veracode. The report is available from Veracode at https://info.veracode.com/report-state-of-software-security-open-source-edition.html
Jay and Ben are joined by Daniel Woods. Daniel is a postdoctoral researcher at the University of Innsbruck in Austria. He received his doctorate titled “The Economics of Cyber Risk Transfer” from the Department of Computer Science at the University of Oxford. During his PhD, he visited the Security Economics Lab at the University of Tulsa as a Fulbright Scholar, and completed an internship with Willis Towers Watson. We discuss three papers from Daniel: “Does insurance have a future in governing cybersecurity?”; “The County Fair Cyber Loss Distribution: Drawing Inferences from Insurance Prices”; and “Cyber warranties: market fix or marketing trick?”
We recently released some research with RiskRecon looking at the "ripple effect" of security incidents. David, Wade, Ben and Jay talk about the behind-the-scenes work and our favorite parts of the research. Get a copy of the research from https://www.riskrecon.com/ripples-across-the-risk-surface.
Jay, Wade, Ben and David come together to talk about Veracode's State of Software Security report Volume 10. It can be found at Veracode's website: https://www.veracode.com/state-of-software-security-report
Jay, Ben and David talk about the Vegas summer conferences and the Exploit Prediction Scoring System announced at Blackhat 2019. https://www.blackhat.com/us-19/briefings/schedule/index.html#predictive-vulnerability-scoring-system-16147
We welcome David Severski to both Cyentia and the podcast and discuss his outlook on security. Then we turn towards Blackhat 2019 where we have five events we are participating in! Find the full list of events we are doing at https://www.cyentia.com/events/
Jay and Wade are joined by Alex Pinto, Dave Hylender, Gabriel Bassett and Suzanne Widup, the authors behind the 2019 Verizon Data Breach Investigations Report.
Jay, Wade and Ben talk vendor-driven research, exploring alternatives and beginning the discussion on what makes a good research publication (it'll be a longer discussion than this podcast!)
Ben Edwards recently joined Cyentia, and joins Jay and Wade on his first podcast. They talk about research for RiskRecon and briefly discuss ternary plots and hierarchical models (the research will be out soon). They also cover the Prioritization to Prediction Volume 3 research recently released in partnership with Kenna Security.
Dr. Andrew Coburn joins Jay and Wade to talk about catastrophe modeling in security and his book “Solving Cyber Security: Protecting Your Company and Society”.
Wade and Jay are joined by Ben Krutzen and Erik Schneider from KPMG to discuss risk quantification and communication. Discussion is based around the Cyber Balance Sheet (https://go.focal-point.com/cyber-balance-sheet-report)
Chris Eng joins Wade and Jay to talk about the Veracode State of Software Security Volume 9 (http://veracode.com/soss). The trio cover DevSecOps and how Survival Analysis helps us to understand secure software development.
Wade and Jay are joined by Phil Roth, Senior Data Scientist at Endgame. We talk about machine learning in security and the new malware benchmark data Phil released called EMBER (https://github.com/endgameinc/ember)
Episode 8 features Jon Laux from Aon Benfield discussing cyber insurance, its roots and direction, and ends with a very special musical interlude from our guest!
Jay and Wade talk cyber insurance models with Christos Mitas, Vice President, Model Development at RMS (www.rms.com). Risk communication, uncertainty and validation of model development and data quality are just some of the topics covered.
Wade is joined by Gautam Aggarwal who is Head of Products and Chief Marketing Officer with NSS Labs and they discuss the challenges and successes of measuring control effectiveness.
Eric Jardine joins the show to talk about his research into trends in cyber security. Dr. Jardine got his Ph.D. in International Affairs from the Norman Paterson School of International Affairs, Carleton University and is currently an Assistant Professor of Political Science at Virginia Tech, and a Fellow at the Centre for International Governance Innovation.
Wade and Jay are joined by Eireann Leverett, a Senior Risk Researcher at the Centre for Risk Studies at the University of Cambridge and co-author of a study for the European Commission on the Internet of Things (http://weis2017.econinfosec.org/wp-content/uploads/sites/3/2017/05/WEIS_2017_paper_23.pdf).
We are joined by Sasha Romanosky, a policy researcher at RAND corporation and currently serving as a Cyber Policy Advisor for the US Department of Defense. In this episode we talk about two excellent papers from Sasha, "Examining the Costs and Causes of Cyber Incidents" and "Content Analysis of Cyber Insurance Policies: How do carriers write policies and price cyber risk?" Please note that Sasha's comments represent his own views and not those of the DoD.
Wade and Jay talk about the Q1 2017 State of the Internet / Security report from Akamai with Martin McKeay. Martin is a well-seasoned professional dedicated to spreading awareness about security and privacy. He is the host and author of a pair of the longest running podcasts and blogs in the security industry, the Network Security Podcast and the Network Security Blog. Find the State of the Internet/Security report at https://www.akamai.com/us/en/about/our-thinking/state-of-the-internet-report/global-state-of-the-internet-security-ddos-attack-reports.jsp
Allison Miller joins Jay and Wade to discuss the first public research out of Cyentia Institute.
This is the inaugural episode of the new podcast from the Cyentia Institute. In this very brief episode we introduce the podcast and our work.