Data Driven Security

Episode 10 In this episode, Jay & Bob have a community discussion with John Langton & Alex Baker about their security data analysis & visualization startup: VisiTrend, and take a look at what's made the headlines in the data science community since last show. Resources / people featured in the show: VisiTrend - visitrend (twitter) Data science can't be point and click In-depth introduction to machine learning in 15 hours of expert videos Data Playlists Running RStudio via Docker in the Cloud Building a DGA Classsifier (in R) - Part 1 Building a DGA Classsifier (in R) - Part 2 Building a DGA Classsifier (in R) - Part 3 Link Insights from VisiTrend VERIS/VCDB general vis - we have a tree map version of the actors, actions, assets, and attributes breakdown which better shows the distribution of events (description on snapshot). Snapshot - can be posted and viewed without logging in Actual analysis and data you can load after signing up and logging in VERIS/VCDB clustering - each s

Episode 9 In this episode, Jay & Bob have a late night conversation with Mike Sconzo from Click Security about what got him into security data science along with a great discussion about machine learning and round out the show with a data science internet roundup Resources / people featured in the episode: Mike Sconzo - @sooshie B-Sides Machine Learning Click Security Data Hacking Data science: how is it different to statistics? - IMS Bulletin The Importance Of 'Janitorial Work’ In Research - Data Science L.A. blog Building a Spam filter with R - ThinkToStart 10 FREE Resources to Learn Statistics - Marketing Distillery Predictive Analytics Primer - HBR GitHut - Carlo Zapponi

Episode 8 In this episode, Jay & Bob invite “The Gang” - Russell Thomas, Michael Roytman & Alex Pinto - back on to see what they’ve been up to since January, including recent talks and research projects, plus give a sneak peak into SIRAcon 2014 where they’ll all be presenting! Resources / people featured in the episode: Michael Roytman - @mroytman The Power Law of Information Alex Pinto - @alexcpsec Measuring the IQ of your Threat Intelligence feeds Secure Because Math Russell Thomas - @mrmeritology 10 Dimensions of Security Performance for Agility & Rapid Learning The dynamics of correlated novelties See The Gang at SIRAcon 2014 Measuring the IQ of your Threat Intelligence feeds - http://www.irongeek.com/i.php?page=videos/bsideslasvegas2014/gt01-measuring-the-iq-of-your-threat-intelligence-feeds-alex-pinto-kyle-maxwell Secure Because Math - http://www.slideshare.net/AlexandrePinto10/secure-because-math-a-deepdive-on-machine-learningbased-monitoring-securebecausemath

Episode 7 In this episode, Jay & Bob enter the echo chamber with Andrew Hay and Thibault Reuille of OpenDNS to talk about their new security data analysis/visualization tool - OpenGraphiti - being announced at BlackHat. Listen in to learn about how graph analysis can take your security practice to a whole other dimension. Resources / people featured in the episode: BlackHat Talk + Speaker profile OpenDNS + @opendns Thibault Reuille Andrew Hay Skyler Hawthorne OpenGraphiti + (blog post) + (github repo) NetworkX igraph Gehphi Neo4j Coursera

Episode 6 In this episode, Jay & Bob have a late-night chat with Stephen Boyer, CTO of BitSight about discerning information about the security health of an organization solely through what can be publicly observed and the tools & infrastructure such an undertaking requires. You'll also hear Stephen's thoughts on reproducible security research, what he looks for in a data scientist and how to communicate results clearly & effectively. Resources / people featured in the episode: Stephen's Twitter Handle (@swboyer) BitSight - http://bitsighttech.com/ BitSight Insights - (Most recent report) Python IPython Data breach notifications BitSight post. They are tracking the legal side pretty closely and reference some work where we published FOIA results in healthcare. Info about reproducible research

Episode 5 In this episode, Jay & Bob sit down with David Severski, Manager of the Information Security program at Seattle Children's Hospital to talk about the challenges & rewards of building a data-driven security program from the ground up. Along the way, they cover education, tools, engaging the community and what lies ahead for data-driven security. Resources / people featured in the episode: David Severski's Blog - http://blog.severski.net/ Building a Log Analysis Pipeline (David's "ELK" talk) Coursera (MOOC with many data analysis courses) UW Certificate in Data Science You will be equipped with the fundamental tools, techniques and practical experience to acquire valuable insights from data sets at any scale – from gigabytes to petabytes. The Phoenix Project Rich Mogull + https://securosis.com/about/team Andrew Hay Chef, Puppet, Vagrant

Episode 4 In this episode Bob & Jay talk with Kymberlee Price @kym_possible about her work with vulnerability data at BlackBerry and her real-life superheroic philanthropic work. Resources / people featured in the episode: One Spark Foundation - https://www.facebook.com/onesparkcanstartafire [FB] Beading Divas (Greyhound and general animal welfare advocates) Help Aidan Love Fight Cancer Project Genesis (advocacy and support for victims of human trafficking, Seattle has the third highest rate of underage sex trafficking in the US) Homeless shelters - no specific link - I mentioned the Seattle Tent City, but there are countless organizations in local communities worldwide that can use your help to prevent homelessness, and help those who are homeless. Spots & Stripes Exotic Cat Sanctuary - https://www.facebook.com/spotsandstripesbengalcatrescue [FB] Hackers for Charity Johnny is such an amazing guy, I'm honored to call him my friend. He would tell you he isn't a superhero either. That is one

Episode 3 METRICON 9/RSA 2014 EDITION! In this episode Bob & Jay debrief from their exploits in San Francisco, including an in-depth look at the happenings at METRICON 9 and showcasing some the data-driven companies on the RSA show floor. They also discuss some recent blog posts and give a preview of upcoming podcast guests. Resources / people featured in the episode: METRICON 9 Agenda METRICON 9 - Storified Kymberlee Price Michael Roytman Paper by Roytman and Geer Adopting A Real-Time, Data-Driven Security Practice Stephen Boyer Christophe Huygens Geoffrey Hill Katherine Brocklehurst Russell Thomas Patrick Florer ClickSecurity (Data Hacking) AlienVault / Jaime Blasco VisiTrend / Dr. John T Langton

Episode 2! In this episode of the Data Driven Security Podcast, Bob and Jay review the DDS coverage of Harvard's "Weathering the Data Storm" symposium including some specific focus on the IPython talk by Fernando Pérez, Cynthia Rudin's "Manhole Event" paper and the pretty consistent theme of "need to prove your models in little data before driving them to scale". Then, they execute a whirlwind review of recent blog posts, give a preview of an upcoming talk at RSA by Jay & Wade Baker, plus give a preview of upcoming DDS blog and podcast topics. NOTE: An enhanced, video version of Episode 2 is available on YouTube. Resources mentioned in the episode: Weathering the Data Storm symposium DDS Tweetscription of the symposium with links to resources covered in the talks openPERT The new DDS Data Set Collection DDS' new short domain Review of recent DDS blog posts including the "marx" data set, malicious cartography and data-driven risk analysis SolvoMediocris - "FAIR"-like risk analysis tools built by

Episode 1 In this episode, Bob & Jay invite Alex Pinto (@alexcpsec), Michael Roytman (@mroytman) & Russ Thomas (@mrmeritology) on to the show to discuss what makes up "security data science". They delve into the tools of the trade, posit on future of the intersection of security and data science and relate their own personal & professional experiences trying to introduce "data science" into infosec. Bob & Jay also talk about recent blog posts and do a mini-review of the recently published book "Data Smart". Watch along "live" with the un-edited "director's" cut. Topic/resources mentioned in this episode: Russ Thomas - https://twitter.com/mrmeritology - http://exploringpossibilityspace.blogspot.com/ Alex Pinto - https://twitter.com/alexcpsec Michael Roytman - https://twitter.com/mroytman - http://about.me/michaelroytman MLSec Project - https://mlsecproject.org KDD - Knowledge Discovery and Data Mining Conference - http://www.kdd.org/ The (in)famous KDD’99 dataset - http://kdd.ics

Episode 0 In this inaugural episode of the Data Driven Security Podcast, Bob and Jay introduce the podcast and themselves, showcase the new Data Driven Security blog and shill their upcoming book: Data Driven Security being published by Wiley Press in 2014. Resources mentioned in the episode: DDS blog DDS inaugural blog post Buy the book! Jay's personal blog Bob's personal blog Nathan Yau DDSec Home