Data Driven Security

Episode 30 In this episode, Jay and Bob talk about the 2016 Verizon Data Breach Investigations Report (DBIR). But rather than talk about the insights and data analysis they focus in on the data visualizations. They are joined by Lane Harrison from Worcester Polytechnic Institute (WPI) and Ana Antanasoff and Gabrial Bassett from Verizon's Security Research Team. Verizon DBIR

Episode 29 In this episode, Jay and Bob talk about power laws and their application in cyber security. First, they talk with Marshall Kuypers, a PhD candidate in Management Science and Engineering at Stanford University and discuss power laws in general. Second, they sit down with Michael Roytman, Data Scientist and Kenna Security to talk about power laws in cyber security. Power Laws Probability Distributions

Episode 28 In this episode, Jay sat down with Doug Hubbard and Richard Seiersen to talk about their upcoming book "How to Measure Anything in Cybersecurity Risk". Bob talks about the rOpenSci unconference and the two talk about 2 recent publications. rOpenSci rNOAA When-ish is my Bus (pdf) Dell Secureworks Underground Hacker Marketplace Report How to Measure Anything in Cybersecurity Risk

Episode 27 In this post-RSA conference episode, Jay participated with StoryCorps along with Wade Baker and the two reflected on their time working together on the Verizon Data Breach Investigations Report. Find out more about StoryCorps at https://storycorps.org/

Episode 26 In this episode, Bob sits down with co-workers on the data science team at Rapid 7. They explore the future of security data science, Heisenberg and Project Sonar. Keep on top of Heisenberg developments at http://community.rapid7.com/ Find out more about Project Sonar at http://sonar.labs.rapid7.com/ and http://scans.io/ Get tools to work with both at http://github.com/rapid7

Episode 25 In this episode, Bob & Jay talk amongst themselves. First they cover some recent work from Jay looking at Peer-to-Peer traffic and then they transition into conferences in 2016 with some element of being Data-Driven. FloCon 2016 (you just missed it!) January 9–12, 2017 in San Diego, CA http://www.cert.org/flocon/ ShmooCon 2016 http://shmoocon.org/ January 15-17, 2016 in Washington, D.C. 2016 Cyber Risk Insights Conference http://www.advisenltd.com/events/conferences/09/02/2016-cyber-risk-insights-conference-london/ February 9, 2016 in London Network and Distributed System Security (NDSS) Symposium February 21-24, 2016 in San Diego, California RSA Conference 2016 http://www.rsaconference.com/events/us16 February 29 - March 4, 2016 in San Francisco, CA 1st IEEE European Sumposium on Security & Privacy http://www.ieee-security.org/TC/EuroSP2016/ March 21-24, 2016 in Saarbrücken, GERMANY 37th IEEE Symposium on Security & Privacy http://www.ieee-security.org/TC/EuroSP2016/ May 23-

Episode 24 In this episode, Bob & Jay talk to Charles Givre who has been doing training sessions for professionals trying to learn data science and recently did a training at a recent BlackHat event. Data-Driven Security: The Blog Data-Driven Security: The Book

Episode 23 In this episode, Bob & Jay talk tools (other than R and Python) for working with data: Excel, Tableau and AWS cloud services. Quick Look plugins Tableau AWS Main RSS Feed EC2 Official Feed Quick Look plugins Data-Driven Security: The Blog Data-Driven Security: The Book

Episode 22 In this episode, Bob & Jay dissect the looming corpse of security data science with special guest Allison Miller. Data mining firewall logs : Principal Component Analysis Machine Learning Is Cybersecurity's Latest Pipe Dream Data-Driven Security: The Blog Data-Driven Security: The Book

Episode 21 In this episode, Bob & Jay talk data-driven security conferences with Lane Harrison, an assistant professor in Computer Science at Worcester Polytechnic Institute. SIRACon VizSec

Episode 20 In this episode, Bob & Jay talk security research with Ben Edwards, a security researcher with the University of New Mexico. Ben's List of Research Papers The Complex Science of Cyber Defense Hype and Heavy Tails: A Closer Look at Data Breaches (pdf)

Episode 19 In this episode, Bob & Jay talk #rstats with Oliver Keyes from the Wikimedia Foundation. Wikimedia foundation - https://wikimediafoundation.org/wiki/Home Oliver on Twitter - https://twitter.com/quominus Oliver on GitHub - https://github.com/ironholds R Talk Podcast - http://rtalk.org/ *Not* Oliver's #rstats podcast: http://www.r-podcast.org/ EARL 2015 Boston - http://www.earl-conference.com/boston/ rOpenSec - https://github.com/rOpenSec

Episode 18 In this episode, Bob & Jay have a heated discussion about visualization and security with Brandon Dixon of PassiveTotal Brandon's primary research involves data analysis, tool development and devising strategies to counter threats earlier in their decision cycle. Brandon maintains a blog at http://blog.9bplus.com where he reports on targeted attacks, open source threat data and analysis tools. His research on various security topics has gained accolades from many major security vendors and fellow researchers. Throughout the years, Brandon has developed several public tools, most notably PassiveTotal, PDF X-Ray and HyperTotal. Graphical Perception and Graphical Methods for Analyzing Scientific Data (Cleveland/McGill) Automating the Design of Graphical Presentations of Relational Information BrailleR Brandon Dixon - @9bplus PassiveTotal PassiveTotal Blog The post that started it all! Neil Harbisson - I listen to color Don Norman - The design of everyday things D3.js SIMILE Timeline Cal-Heatm

Episode 17 In this episode, Bob & Jay continue to get schooled on their 2015 DBIR data visualizations by Lane Harrison VizSec 2015 - http://vizsec.org/ 2015 DBIR - http://verizonenterprise.com/DBIR/2015/ Searchable VizSec archive - http://vizsec.dbvis.de/ Figure 19 Interactive - http://vz-risk.github.io/dbir/2015/19/

Episode 16 In this episode, Bob & Jay get schooled on their 2015 DBIR data visualizations by Lane Harrison VizSec 2015 - http://vizsec.org/ 2015 DBIR - http://verizonenterprise.com/DBIR/2015/ Searchable VizSec archive - http://vizsec.dbvis.de/ Figure 19 Interactive - http://vz-risk.github.io/dbir/2015/19/

Episode 15 In this episode, Bob & Jay provide your data-driven guide to BSides SF & RSA 2015 https://bsidessf2015.sched.org/event/2111124302d7368414eaff6e4e4ddf50 https://bsidessf2015.sched.org/event/d67eb601f2047dbec37f7de91c5e18a9 https://www.rsaconference.com/events/us15/agenda/sessions/1736/vulnerability-management-nirvana-a-study-in https://www.rsaconference.com/events/us15/agenda/sessions/1672/security-data-science-from-theory-to-reality https://www.rsaconference.com/events/us15/agenda/sessions/1581/majority-report-making-security-data-actionable-and https://www.rsaconference.com/events/us15/agenda/sessions/1601/cookin-up-metrics-with-alex-and-david-a-recipe-for https://www.rsaconference.com/events/us15/agenda/sessions/1887/before-and-beyond-the-breach-new-research-in-the https://www.rsaconference.com/events/us15/agenda/sessions/1524/security-metrics-that-your-board-actually-cares https://www.rsaconference.com/events/us15/agenda/sessions/2006/data-science-transforming-security-operations htt

Episode 14 In this episode, Jay & Bob get a data-driven conference review from Mike Sconzo & Jason Trost Jason Trost Mike Sconzo Flocon 2015 Proceedings ShmooCon 2015 MC2 Workshop on Data-Driven Approaches to Security and Privacy This podcast is a companion to Data-Driven Security (the book) & Data-Driven Security (the blog). You can find us on Twitter at @ddsecblog / @ddsecpodcast & directly at @hrbrmstr / @jayjacobs.

Episode 13 In this episode, Jay & Bob deconstruct VizSec 13 with Lane Harrison & Sophie Engle Sophie Engle Lane Harrison @VizSec Website: VizSec.org VizSec papers site (from @f2cx)

Episode 12 In this episode, Jay & Bob put the “Myths of Security Data Science” to the test with three denizens of the SDS Rogues Gallery (Alex Pinto, Michael Roytman & David Severski) + answer listener questions and give a shout out to Seaborn Watch the UNEDITED BLOOPER REEL! Alex Pinto @mlsecproject Michael Roytman @riskio David Severski David's Blog Seaborn Data-Driven Security 30% off!

Episode 11 In this episode, Jay & Bob talk Squirrels, Pigs & Maps with Preeminent Data Scientist Jason Trost from ThreatStream, and take a look at what's made the headlines in the data science community since last show. Watch the UNEDITED BLOOPER REEL! Jason Trost covert.io blog ThreatStream Clairvoyant Squirrel: Large Scale Malicious Domain Classification Binary Pig Binary Pig github repo Modern Honey Network Roll Your Own IP Attack Graphs with IPew Map or Don't Map DAVIX 2014 Released Lynn Cherny "roundup of recent text analytics & vis work" How a fraud detection algorithm consipred to ruin my recent trip Collecting all IPv4 WHOIS records in Python Linked Small Multiples