Podcasts about data driven security

Finding business today is difficult but it is not impossible. In this episode, Mark speaks with Ron Worman, Founder of The Sage Group and Managing Director of The Great Conversation. Ron talks about what you can do to find clients who want to work with you and provides actionable tips you can apply today.He emphasizes that data is gold and that the EP industry will look drastically different 5 years from now. The secret is to be adaptable. You can prepare all you want, but how you deal with the realities of change matters. In a nutshell, Ron challenges you to reinvent yourself in form and function. Tune in as Ron discusses knowing what your clients want and adapting to it on The Fearless Mindset Podcast.GOLDEN NUGGETSClient yes's and no's are GOOD, maybes are BAD - Ron: "Yes's are good, no's are good. Maybes will kill you because the velocity of goodness will not stand by and let you stay in business if you have too many maybes."A layoff can be a blessing to recalibrate your skillset - Ron: "If you're one of those layoffs, this isn't about your identity as a person. This is about a recalibration of what you do and cares about and where it can be received in a valuable way. So take it as a gift that you've been given, to recalibrate to a place where you can see your personal value integrated into your professional value."Adaptability and agility are the secrets to future-proofing yourself - Ron: "A little secret for all of you who are learning skillsets today; you will be disrupted at some point. So your main skillset is not what you learn in college or in an associate's degree...  That's not your main skill set. Your main skillset is adaptation and agility. You got to learn to reinvent as the changes in the world come."Get to know more about Ron:LinkedIn | The Great ConversationTo hear more episodes of The Fearless Mindset podcast, you can go to https://the-fearless-mindset.simplecast.com/ or listen to major podcasting platforms such as Apple, Google Podcasts, Spotify, etc. You can also subscribe to the Fearless Mindset YouTube Channel to watch episodes on video.

Sometimes practitioners feel "stuck" with their information security program. Is it possible to break free? To innovate security operations? The answer may be found in the form of advanced analytics. Let's find out.____________________________GuestsKaley ColemanOn LinkedIn | https://www.linkedin.com/in/kaley-coleman-85a31840/Chuck BrooksOn LinkedIn | https://www.linkedin.com/in/chuckbrooks/On Twitter | https://twitter.com/ChuckDBrooksOn Facebook | https://www.facebook.com/chuck.brooks.10485George PlatsisOn LinkedIn | https://www.linkedin.com/in/gplatsis/On Twitter | https://twitter.com/gplatsis____________________________This Episode's SponsorsImperva: https://itspm.ag/rsaarchwebHITRUST: https://itspm.ag/itsphitweb____________________________Resources ____________________________To see and hear more Redefining Security content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-securityAre you interested in sponsoring an ITSPmagazine Channel?

Security threats are everywhere. To tackle these threats we can gather and analyze information about potential attacks. Barbara Kay, Senior Director of Security Product at ExtraHop, explained internal and external threats that systems can be exposed to. We talked about different types of threats and how these can be identified using machine learning. Barbara also explained the product development strategy for products in security. Prior to working ExtraHop, Barbara led security operations market research and product strategy for McAfee and was responsible for the threat intelligence and analytics solutions, as well as the security information and event management.

In this Podcast, Jay talks about the landscape of Information Security and how businesses are preparing to address their cybersecurity challenges. This is a great podcast for anyone interested in learning about best practices when it comes to managing infrastructure security for their organization. Timeline: 0:29 Jay's journey. 3:18 What's Scientia Institute? 8:28 The book Data-Driven Security. 10:42 The aha moment while writing the book. 11:53 High points of Jay's book. 14:08 Security level of a typical business today. 16:22 Thoughts on how companies can understand risk. 19:50 Balancing mitigation of threat vs. business continuity. 25:33 Treating security as a financial problem. 27:25 Security predictability and insurance. 28:44 Who should take responsibility for risk and security? 30:15 Measuring the risk of company infrastructure. 31:33 Tackling standards and regulations. 33:04 The concept of best practices. 34:38 The maturity of the model in the security side of businesses. 37:55 The lower limit and higher limit of security. 39:50 Resources to learn about security. 41:11 Who's a good security candidate? 42:20 Jay's favorite read. 43:36 Examples of companies who're doing well in security. 45:28 What's next in the world of security. 47:40 Closing remarks. Podcast link: https://futureofdata.org/understanding-data-analytics-information-security-jayjarome-bitsight/ About #Podcast: #FutureOfData podcast is a conversation starter to bring leaders, influencers, and lead practitioners to discuss their journey to create the data-driven future. Wanna Join? If you or any you know wants to join in, Register your interest @ http://play.analyticsweek.com/guest/ Want to sponsor? Email us @ info@analyticsweek.com Keywords: FutureOfData Data Analytics Leadership Podcast Big Data Strategy

The security challenges of a particular business may often be proportional to the amount of data they need to capture, process, and interpret. As businesses grow their security needs become ever more complex and challenging as the volume, velocity, and variety of data increases. Forward thinking organizations using data science to better process and interpret vast data stores both on-premise and in the cloud to identify threats and intrusions to their local networks and beyond. Join us to participate in a dynamic discussion from practitioners with deep experience in the areas of data science or information security including: • Bob Rudis, Chief Security Data Scientist, Rapid7, frequent blogger at rud.is, co-author of Data Driven Security, and ardent R open source contributor. Follow Bob on the web here. Previously, Bob was at Verizon and responsible for the Data Breach Investigations Report (DBIR) known in the security industry as "an unparalleled source of information on cybersecurity threats." • Mark Gerner, Sr. Economic Data Scientist / Analytics Leader with 10+ years of experience designing, implementing, and communicating the results of analyses in support of customer engagement, strategic planning, and programmatic portfolio management related activities. • Kalpesh Sheth, Co-founder & CEO, Yaxa, With 20+ years of technical expertise in data networking, network security, Intelligence Surveillance and Reconnaissance (ISR), and Cluster Computing. Before co-founding Yaxa, Sheth was Senior Technical Director at DRS Technologies (acquired by Finmeccanica S.p.A.), Director at RiverDelta Networks (acquired by Motorola and now part of Arris) and fifth employee of Digital Technology (acquired by Agilent Technologies). He is a co-author of VITA 41.6 an ANSI standard, and has spoken at numerous trade conferences as an expert panel member. Venue Sponsor: @BoozAllen Media Sponsor: X.TAO.ai About #Podcast: #FutureOfData podcast is a conversation starter to bring leaders, influencers and lead practitioners to come on show and discuss their journey in creating the data driven future. Wanna Join? If you or any you know wants to join in, Register your interest @ http://play.analyticsweek.com/guest/ Want to sponsor? Email us @ info@analyticsweek.com Keywords: FutureOfData Data Analytics Leadership Podcast Big Data Strategy

Episode 30 In this episode, Jay and Bob talk about the 2016 Verizon Data Breach Investigations Report (DBIR). But rather than talk about the insights and data analysis they focus in on the data visualizations. They are joined by Lane Harrison from Worcester Polytechnic Institute (WPI) and Ana Antanasoff and Gabrial Bassett from Verizon's Security Research Team. Verizon DBIR

Episode 29 In this episode, Jay and Bob talk about power laws and their application in cyber security. First, they talk with Marshall Kuypers, a PhD candidate in Management Science and Engineering at Stanford University and discuss power laws in general. Second, they sit down with Michael Roytman, Data Scientist and Kenna Security to talk about power laws in cyber security. Power Laws Probability Distributions

Episode 28 In this episode, Jay sat down with Doug Hubbard and Richard Seiersen to talk about their upcoming book "How to Measure Anything in Cybersecurity Risk". Bob talks about the rOpenSci unconference and the two talk about 2 recent publications. rOpenSci rNOAA When-ish is my Bus (pdf) Dell Secureworks Underground Hacker Marketplace Report How to Measure Anything in Cybersecurity Risk

Episode 27 In this post-RSA conference episode, Jay participated with StoryCorps along with Wade Baker and the two reflected on their time working together on the Verizon Data Breach Investigations Report. Find out more about StoryCorps at https://storycorps.org/

Episode 26 In this episode, Bob sits down with co-workers on the data science team at Rapid 7. They explore the future of security data science, Heisenberg and Project Sonar. Keep on top of Heisenberg developments at http://community.rapid7.com/ Find out more about Project Sonar at http://sonar.labs.rapid7.com/ and http://scans.io/ Get tools to work with both at http://github.com/rapid7

Episode 25 In this episode, Bob & Jay talk amongst themselves. First they cover some recent work from Jay looking at Peer-to-Peer traffic and then they transition into conferences in 2016 with some element of being Data-Driven. FloCon 2016 (you just missed it!) January 9–12, 2017 in San Diego, CA http://www.cert.org/flocon/ ShmooCon 2016 http://shmoocon.org/ January 15-17, 2016 in Washington, D.C. 2016 Cyber Risk Insights Conference http://www.advisenltd.com/events/conferences/09/02/2016-cyber-risk-insights-conference-london/ February 9, 2016 in London Network and Distributed System Security (NDSS) Symposium February 21-24, 2016 in San Diego, California RSA Conference 2016 http://www.rsaconference.com/events/us16 February 29 - March 4, 2016 in San Francisco, CA 1st IEEE European Sumposium on Security & Privacy http://www.ieee-security.org/TC/EuroSP2016/ March 21-24, 2016 in Saarbrücken, GERMANY 37th IEEE Symposium on Security & Privacy http://www.ieee-security.org/TC/EuroSP2016/ May 23-25, 2016 in San Jose, CA 11th Annual Cyber and Information Security Research (CISR) Conference http://www.cisr.ornl.gov/cisrc16/ April 5-7, 2016 in Oak Ridge, TN 15th Annual Workshop on the Economics of Information Security (WEIS) http://weis2016.econinfosec.org/ June 13-14, 2016 in Berkeley, CA USA International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA 2016) http://c-mric.org/csa2016 June 13-14, 2016 in London 25th USENIX Security Symposium https://www.usenix.org/conference/usenixsecurity16 August 10–12, 2016, in Austin, TX. SIRAcon http://societyinforisk.org/ October-ish 2016 (TBA) The Fifth International Conference on Informatics and Applications (ICIA2016) http://sdiwc.net/conferences/fifth-international-conference-informatics-applications/ November 14-16, 2016 in Takamatsu, Japan 2015 Annual Computer Security Applications Conference http://www.acsac.org/2015/ December 5-9, 2016 in Los Angeles, CA Data-Driven Security: The Blog Data-Driven Security: The Book

Episode 24 In this episode, Bob & Jay talk to Charles Givre who has been doing training sessions for professionals trying to learn data science and recently did a training at a recent BlackHat event. Data-Driven Security: The Blog Data-Driven Security: The Book

Episode 23 In this episode, Bob & Jay talk tools (other than R and Python) for working with data: Excel, Tableau and AWS cloud services. Quick Look plugins Tableau AWS Main RSS Feed EC2 Official Feed Quick Look plugins Data-Driven Security: The Blog Data-Driven Security: The Book

I recently read Data Driven Security: Analysis, Visualization and Dashboards by Jay Jacobs (@jayjacobs) and Bob Rudis (@hrbrmstr). The book is easy to read and a very good introduction into the world of data and security. Both Jay and Bob were kind with their time when I had questions about exercises in the books. After reading the book I decided to have Bob on to talk more about data driven security.

Episode 22 In this episode, Bob & Jay dissect the looming corpse of security data science with special guest Allison Miller. Data mining firewall logs : Principal Component Analysis Machine Learning Is Cybersecurity's Latest Pipe Dream Data-Driven Security: The Blog Data-Driven Security: The Book

Episode 21 In this episode, Bob & Jay talk data-driven security conferences with Lane Harrison, an assistant professor in Computer Science at Worcester Polytechnic Institute. SIRACon VizSec

Episode 20 In this episode, Bob & Jay talk security research with Ben Edwards, a security researcher with the University of New Mexico. Ben's List of Research Papers The Complex Science of Cyber Defense Hype and Heavy Tails: A Closer Look at Data Breaches (pdf)

Episode 19 In this episode, Bob & Jay talk #rstats with Oliver Keyes from the Wikimedia Foundation. Wikimedia foundation - https://wikimediafoundation.org/wiki/Home Oliver on Twitter - https://twitter.com/quominus Oliver on GitHub - https://github.com/ironholds R Talk Podcast - http://rtalk.org/ *Not* Oliver's #rstats podcast: http://www.r-podcast.org/ EARL 2015 Boston - http://www.earl-conference.com/boston/ rOpenSec - https://github.com/rOpenSec

Episode 18 In this episode, Bob & Jay have a heated discussion about visualization and security with Brandon Dixon of PassiveTotal Brandon's primary research involves data analysis, tool development and devising strategies to counter threats earlier in their decision cycle. Brandon maintains a blog at http://blog.9bplus.com where he reports on targeted attacks, open source threat data and analysis tools. His research on various security topics has gained accolades from many major security vendors and fellow researchers. Throughout the years, Brandon has developed several public tools, most notably PassiveTotal, PDF X-Ray and HyperTotal. Graphical Perception and Graphical Methods for Analyzing Scientific Data (Cleveland/McGill) Automating the Design of Graphical Presentations of Relational Information BrailleR Brandon Dixon - @9bplus PassiveTotal PassiveTotal Blog The post that started it all! Neil Harbisson - I listen to color Don Norman - The design of everyday things D3.js SIMILE Timeline Cal-Heatmap

Episode 16 In this episode, Bob & Jay get schooled on their 2015 DBIR data visualizations by Lane Harrison VizSec 2015 - http://vizsec.org/ 2015 DBIR - http://verizonenterprise.com/DBIR/2015/ Searchable VizSec archive - http://vizsec.dbvis.de/ Figure 19 Interactive - http://vz-risk.github.io/dbir/2015/19/

Episode 17 In this episode, Bob & Jay continue to get schooled on their 2015 DBIR data visualizations by Lane Harrison VizSec 2015 - http://vizsec.org/ 2015 DBIR - http://verizonenterprise.com/DBIR/2015/ Searchable VizSec archive - http://vizsec.dbvis.de/ Figure 19 Interactive - http://vz-risk.github.io/dbir/2015/19/

Episode 15 In this episode, Bob & Jay provide your data-driven guide to BSides SF & RSA 2015 https://bsidessf2015.sched.org/event/2111124302d7368414eaff6e4e4ddf50 https://bsidessf2015.sched.org/event/d67eb601f2047dbec37f7de91c5e18a9 https://www.rsaconference.com/events/us15/agenda/sessions/1736/vulnerability-management-nirvana-a-study-in https://www.rsaconference.com/events/us15/agenda/sessions/1672/security-data-science-from-theory-to-reality https://www.rsaconference.com/events/us15/agenda/sessions/1581/majority-report-making-security-data-actionable-and https://www.rsaconference.com/events/us15/agenda/sessions/1601/cookin-up-metrics-with-alex-and-david-a-recipe-for https://www.rsaconference.com/events/us15/agenda/sessions/1887/before-and-beyond-the-breach-new-research-in-the https://www.rsaconference.com/events/us15/agenda/sessions/1524/security-metrics-that-your-board-actually-cares https://www.rsaconference.com/events/us15/agenda/sessions/2006/data-science-transforming-security-operations https://www.rsaconference.com/events/us15/agenda/sessions/1538/pragmatic-metrics-for-building-security-dashboards https://www.rsaconference.com/events/us15/agenda/sessions/1679/the-kelvin-mantra-implementing-data-driven-security https://www.rsaconference.com/events/us15/agenda/sessions/1672/security-data-science-from-theory-to-reality

Episode 14 In this episode, Jay & Bob get a data-driven conference review from Mike Sconzo & Jason Trost Jason Trost Mike Sconzo Flocon 2015 Proceedings ShmooCon 2015 MC2 Workshop on Data-Driven Approaches to Security and Privacy This podcast is a companion to Data-Driven Security (the book) & Data-Driven Security (the blog). You can find us on Twitter at @ddsecblog / @ddsecpodcast & directly at @hrbrmstr / @jayjacobs.

Episode 13 In this episode, Jay & Bob deconstruct VizSec 13 with Lane Harrison & Sophie Engle Sophie Engle Lane Harrison @VizSec Website: VizSec.org VizSec papers site (from @f2cx)

Episode 12 In this episode, Jay & Bob put the “Myths of Security Data Science” to the test with three denizens of the SDS Rogues Gallery (Alex Pinto, Michael Roytman & David Severski) + answer listener questions and give a shout out to Seaborn Watch the UNEDITED BLOOPER REEL! Alex Pinto @mlsecproject Michael Roytman @riskio David Severski David's Blog Seaborn Data-Driven Security 30% off!

Episode 11 In this episode, Jay & Bob talk Squirrels, Pigs & Maps with Preeminent Data Scientist Jason Trost from ThreatStream, and take a look at what's made the headlines in the data science community since last show. Watch the UNEDITED BLOOPER REEL! Jason Trost covert.io blog ThreatStream Clairvoyant Squirrel: Large Scale Malicious Domain Classification Binary Pig Binary Pig github repo Modern Honey Network Roll Your Own IP Attack Graphs with IPew Map or Don't Map DAVIX 2014 Released Lynn Cherny "roundup of recent text analytics & vis work" How a fraud detection algorithm consipred to ruin my recent trip Collecting all IPv4 WHOIS records in Python Linked Small Multiples

Episode 10 In this episode, Jay & Bob have a community discussion with John Langton & Alex Baker about their security data analysis & visualization startup: VisiTrend, and take a look at what's made the headlines in the data science community since last show. Resources / people featured in the show: VisiTrend - visitrend (twitter) Data science can't be point and click In-depth introduction to machine learning in 15 hours of expert videos Data Playlists Running RStudio via Docker in the Cloud Building a DGA Classsifier (in R) - Part 1 Building a DGA Classsifier (in R) - Part 2 Building a DGA Classsifier (in R) - Part 3 Link Insights from VisiTrend VERIS/VCDB general vis - we have a tree map version of the actors, actions, assets, and attributes breakdown which better shows the distribution of events (description on snapshot). Snapshot - can be posted and viewed without logging in Actual analysis and data you can load after signing up and logging in VERIS/VCDB clustering - each square is an event in the data set. Squares are first grouped based on # of employees (e.g. companies with 1k employees will be grouped together), and then based on industry. Squares are colored based on clustering output - we found 7 clusters. We will provide more detail on what defines these clusters in a blog post. It’s interesting to see that particular industries do have particular attack types according to clustering, shown by blocks of similar color. Snapshot - Actual analysis and data Honeypot overview - this is really cool (I think). Black, square nodes are the honey pots. Node size is based on the # of packets they’re sending. Computers use more different ports are colored red (big red guy doing massive port scan drowns out the others). The force directed layout clusters nodes if they hit the same honeypots. For instance, click a node in an “outer ring” twice to highlight the honeypot it’s hitting, and it will be one. All other nodes in that ring hit the same one. Double click one of the center nodes and you’ll se they’re hitting all of the honeypots. Treemap groups nodes according to subnet addressing. The timeline view shows time-based histogram of packets coming in colored by destination port. The red guy is selected in the snapshot, so you can see that he blasts all the honey pots at relatively same time. Snapshot - Actual analysis and data Honeypot port highlighting - Square nodes are attackers, and circle nodes are ports. Size of the port is how many times packets were sent to that port. Mouse over big purple circle and you see port 1433 is the most popular. You could double click it to see all machines hitting that port. There are two color layers for the node-link graph, you can toggle between them. They both show a version of variability over time (more red = more variable port usage). Treemap shows subnet addressing again but colors a green heat map based on # of diff ports each machine uses. Size based on # of packets they send. Snapshot - Actual analysis and data Finally, a great mentor and visionary pioneer of InfoVis named Matt Ward passed away last weekend. He wrote the most recent, comprehensive infovis book with some other really big guys in the field including Keim and Grinnel. Link to the book.

Episode 9 In this episode, Jay & Bob have a late night conversation with Mike Sconzo from Click Security about what got him into security data science along with a great discussion about machine learning and round out the show with a data science internet roundup Resources / people featured in the episode: Mike Sconzo - @sooshie B-Sides Machine Learning Click Security Data Hacking Data science: how is it different to statistics? - IMS Bulletin The Importance Of 'Janitorial Work’ In Research - Data Science L.A. blog Building a Spam filter with R - ThinkToStart 10 FREE Resources to Learn Statistics - Marketing Distillery Predictive Analytics Primer - HBR GitHut - Carlo Zapponi

Episode 8 In this episode, Jay & Bob invite “The Gang” - Russell Thomas, Michael Roytman & Alex Pinto - back on to see what they’ve been up to since January, including recent talks and research projects, plus give a sneak peak into SIRAcon 2014 where they’ll all be presenting! Resources / people featured in the episode: Michael Roytman - @mroytman The Power Law of Information Alex Pinto - @alexcpsec Measuring the IQ of your Threat Intelligence feeds Secure Because Math Russell Thomas - @mrmeritology 10 Dimensions of Security Performance for Agility & Rapid Learning The dynamics of correlated novelties See The Gang at SIRAcon 2014 Measuring the IQ of your Threat Intelligence feeds - http://www.irongeek.com/i.php?page=videos/bsideslasvegas2014/gt01-measuring-the-iq-of-your-threat-intelligence-feeds-alex-pinto-kyle-maxwell Secure Because Math - http://www.slideshare.net/AlexandrePinto10/secure-because-math-a-deepdive-on-machine-learningbased-monitoring-securebecausemath

Episode 7 In this episode, Jay & Bob enter the echo chamber with Andrew Hay and Thibault Reuille of OpenDNS to talk about their new security data analysis/visualization tool - OpenGraphiti - being announced at BlackHat. Listen in to learn about how graph analysis can take your security practice to a whole other dimension. Resources / people featured in the episode: BlackHat Talk + Speaker profile OpenDNS + @opendns Thibault Reuille Andrew Hay Skyler Hawthorne OpenGraphiti + (blog post) + (github repo) NetworkX igraph Gehphi Neo4j Coursera

Episode 6 In this episode, Jay & Bob have a late-night chat with Stephen Boyer, CTO of BitSight about discerning information about the security health of an organization solely through what can be publicly observed and the tools & infrastructure such an undertaking requires. You'll also hear Stephen's thoughts on reproducible security research, what he looks for in a data scientist and how to communicate results clearly & effectively. Resources / people featured in the episode: Stephen's Twitter Handle (@swboyer) BitSight - http://bitsighttech.com/ BitSight Insights - (Most recent report) Python IPython Data breach notifications BitSight post. They are tracking the legal side pretty closely and reference some work where we published FOIA results in healthcare. Info about reproducible research

Episode 5 In this episode, Jay & Bob sit down with David Severski, Manager of the Information Security program at Seattle Children's Hospital to talk about the challenges & rewards of building a data-driven security program from the ground up. Along the way, they cover education, tools, engaging the community and what lies ahead for data-driven security. Resources / people featured in the episode: David Severski's Blog - http://blog.severski.net/ Building a Log Analysis Pipeline (David's "ELK" talk) Coursera (MOOC with many data analysis courses) UW Certificate in Data Science You will be equipped with the fundamental tools, techniques and practical experience to acquire valuable insights from data sets at any scale – from gigabytes to petabytes. The Phoenix Project Rich Mogull + https://securosis.com/about/team Andrew Hay Chef, Puppet, Vagrant

Episode 4 In this episode Bob & Jay talk with Kymberlee Price @kym_possible about her work with vulnerability data at BlackBerry and her real-life superheroic philanthropic work. Resources / people featured in the episode: One Spark Foundation - https://www.facebook.com/onesparkcanstartafire [FB] Beading Divas (Greyhound and general animal welfare advocates) Help Aidan Love Fight Cancer Project Genesis (advocacy and support for victims of human trafficking, Seattle has the third highest rate of underage sex trafficking in the US) Homeless shelters - no specific link - I mentioned the Seattle Tent City, but there are countless organizations in local communities worldwide that can use your help to prevent homelessness, and help those who are homeless. Spots & Stripes Exotic Cat Sanctuary - https://www.facebook.com/spotsandstripesbengalcatrescue [FB] Hackers for Charity Johnny is such an amazing guy, I'm honored to call him my friend. He would tell you he isn't a superhero either. That is one of the things I love about all my inspirational friends. None of them do this for their ego or to promote their self image/social standing. They do it because they believe it is the right thing to do, and it makes them feel good to know they have made a difference for another person (or animal) DataKind

Episode 3 METRICON 9/RSA 2014 EDITION! In this episode Bob & Jay debrief from their exploits in San Francisco, including an in-depth look at the happenings at METRICON 9 and showcasing some the data-driven companies on the RSA show floor. They also discuss some recent blog posts and give a preview of upcoming podcast guests. Resources / people featured in the episode: METRICON 9 Agenda METRICON 9 - Storified Kymberlee Price Michael Roytman Paper by Roytman and Geer Adopting A Real-Time, Data-Driven Security Practice Stephen Boyer Christophe Huygens Geoffrey Hill Katherine Brocklehurst Russell Thomas Patrick Florer ClickSecurity (Data Hacking) AlienVault / Jaime Blasco VisiTrend / Dr. John T Langton

In this episode Jay and Bob talk about their new book A discussion on using data as 'supporting evidence' rather than gut feelings Do we have actuarial quality data to answer key security questions? A discussion on "asking the right question", and why it's THE single most important thing to do Bob attempts to ask security professionals to use data we already have, to be data-driven Jay tells us why he wouldn't consider "SQL Injection" a "HIGH" risk ranking - and why data challenges what you THINK you know Quick shout out to Allison Miller on finding the little needles in the big, big haystack We think about why security as an industry needs to start looking outside of itself to get its data - now Jay discusses how there is a definite skills shortage in working with large data sets, and doing analysis I ask whether there is a chicken and egg problem in large-scale data analysis Bob brings up the "kill chain" and whether we really need real-time data analysis for attacks Bob makes a pitch for having a "Cyber CDC" ... stop laughing Jay laments the absolute bonkers problems dealing with information sharing (when you don't have any to share) Jay urges you to "count and compare"   Guests Jay Jacobs ( @JayJacobs ) - www.linkedin.com/pub/jay-jacobs/3/896/4b0, Jay is currently a Principal at Verizon Business Bob Rudis ( @hrbrmstr ) - www.linkedin.com/in/hrbrmstr, Director. Enterprise Security, IT Risk Management at Liberty Mutual Insurance & Co-author of Data-Driven Security

Episode 2! In this episode of the Data Driven Security Podcast, Bob and Jay review the DDS coverage of Harvard's "Weathering the Data Storm" symposium including some specific focus on the IPython talk by Fernando Pérez, Cynthia Rudin's "Manhole Event" paper and the pretty consistent theme of "need to prove your models in little data before driving them to scale". Then, they execute a whirlwind review of recent blog posts, give a preview of an upcoming talk at RSA by Jay & Wade Baker, plus give a preview of upcoming DDS blog and podcast topics. NOTE: An enhanced, video version of Episode 2 is available on YouTube. Resources mentioned in the episode: Weathering the Data Storm symposium DDS Tweetscription of the symposium with links to resources covered in the talks openPERT The new DDS Data Set Collection DDS' new short domain Review of recent DDS blog posts including the "marx" data set, malicious cartography and data-driven risk analysis SolvoMediocris - "FAIR"-like risk analysis tools built by DDS Jay & Bob's ZeroAccess collaboration More ZeroAccess machinations Facebook/Princeton Article with mixed ggplot and Excel graphics

Episode 1 In this episode, Bob & Jay invite Alex Pinto (@alexcpsec), Michael Roytman (@mroytman) & Russ Thomas (@mrmeritology) on to the show to discuss what makes up "security data science". They delve into the tools of the trade, posit on future of the intersection of security and data science and relate their own personal & professional experiences trying to introduce "data science" into infosec. Bob & Jay also talk about recent blog posts and do a mini-review of the recently published book "Data Smart". Watch along "live" with the un-edited "director's" cut. Topic/resources mentioned in this episode: Russ Thomas - https://twitter.com/mrmeritology - http://exploringpossibilityspace.blogspot.com/ Alex Pinto - https://twitter.com/alexcpsec Michael Roytman - https://twitter.com/mroytman - http://about.me/michaelroytman MLSec Project - https://mlsecproject.org KDD - Knowledge Discovery and Data Mining Conference - http://www.kdd.org/ The (in)famous KDD’99 dataset - http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html Alex's version of the Data Science Venn Diagram - http://l.rud.is/1af3MLS Alex's xkcd shirt - http://store-xkcd-com.myshopify.com/collections/apparel/products/self-reference Measuring vs Modeling - https://www.usenix.org/system/files/login/articles/14_geer-online_0.pdf VCDB: Top 10 Actions by Industry - http://datadrivensecurity.info/blog/posts/2014/Jan/top10-threat-actions/ Wizard Pro - http://www.wizardmac.com/ Julia - http://julialang.org/ The Data Science Venn Diagram - http://drewconway.com/zia/2013/3/26/the-data-science-venn-diagram Data Smart - http://www.amazon.com/Data-Smart-Science-Transform-Information/dp/111866146X Risk I/O - https://www.risk.io/ Make sure to bookmark Data Driven Security blog and podcast and check out the upcoming book.

Episode 0 In this inaugural episode of the Data Driven Security Podcast, Bob and Jay introduce the podcast and themselves, showcase the new Data Driven Security blog and shill their upcoming book: Data Driven Security being published by Wiley Press in 2014. Resources mentioned in the episode: DDS blog DDS inaugural blog post Buy the book! Jay's personal blog Bob's personal blog Nathan Yau DDSec Home