Data Driven Security

Episode 30 In this episode, Jay and Bob talk about the 2016 Verizon Data Breach Investigations Report (DBIR). But rather than talk about the insights and data analysis they focus in on the data visualizations. They are joined by Lane Harrison from Worcester Polytechnic Institute (WPI) and Ana Antanasoff and Gabrial Bassett from Verizon's Security Research Team. Verizon DBIR: http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/

Episode 29 In this episode, Jay and Bob talk about power laws and their application in cyber security. First, they talk with Marshall Kuypers, a PhD candidate in Management Science and Engineering at Stanford University and discuss power laws in general. Second, they sit down with Michael Roytman, Data Scientist and Kenna Security to talk about power laws in cyber security. Power laws: https://en.wikipedia.org/wiki/Power_law Probability Distributions: https://en.wikipedia.org/wiki/Probability_distribution

Episode 28 In this episode, Jay sat down with Doug Hubbard and Richard Seiersen to talk about their upcoming book "How to Measure Anything in Cybersecurity Risk". Bob talks about the rOpenSci unconference and the two talk about 2 recent publications. rOpenSci: https://ropensci.org/ rNOAA: https://github.com/ropensci/rnoaa When-ish is my Bus (pdf): http://faculty.washington.edu/jhullman/busUncertaintyVis.pdf Dell Secureworks Underground Hacker Marketplace Report: https://www.secureworks.com/resources/rp-2016-underground-hacker-marketplace-report How to Measure Anything in Cybersecurity Risk: http://www.wiley.com/WileyCDA/WileyTitle/productCd-1119085292.html

Episode 27 In this post-RSA conference episode, Jay participated with StoryCorps along with Wade Baker and the two reflected on their time working together on the Verizon Data Breach Investigations Report. https://storycorps.org/

Episode 26 In this episode, Bob sits down with co-workers on the data science team at Rapid 7. They explore the future of security data science, Heisenberg and Project Sonar. Keep on top of Heisenberg developments at http://community.rapid7.com/. Find out more about Project Sonar at http://sonar.labs.rapid7.com/ and http://scans.io/. Get tools to work with both at http://github.com/rapid7.

Episode 25 In this episode, Bob & Jay talk amongst themselves. First they cover some recent work from Jay looking at Peer-to-Peer traffic and then they transition into conferences in 2016 with some element of being Data-Driven. FloCon 2016 (you just missed it!) January 9–12, 2017 in San Diego, CA http://www.cert.org/flocon/ ShmooCon 2016 http://shmoocon.org/ January 15-17, 2016 in Washington, D.C. 2016 Cyber Risk Insights Conference http://www.advisenltd.com/events/conferences/09/02/2016-cyber-risk-insights-conference-london/ February 9, 2016 in London Network and Distributed System Security (NDSS) Symposium February 21-24, 2016 in San Diego, California RSA Conference 2016 http://www.rsaconference.com/events/us16 February 29 - March 4, 2016 in San Francisco, CA 1st IEEE European Sumposium on Security & Privacy http://www.ieee-security.org/TC/EuroSP2016/ March 21-24, 2016 in Saarbrücken, GERMANY 37th IEEE Symposium on Security & Privacy http://www.ieee-security.org/TC/EuroSP2016/ May 23-25, 2016 in San Jose, CA 11th Annual Cyber and Information Security Research (CISR) Conference http://www.cisr.ornl.gov/cisrc16/ April 5-7, 2016 in Oak Ridge, TN 15th Annual Workshop on the Economics of Information Security (WEIS) http://weis2016.econinfosec.org/ June 13-14, 2016 in Berkeley, CA USA International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA 2016) http://c-mric.org/csa2016 June 13-14, 2016 in London 25th USENIX Security Symposium https://www.usenix.org/conference/usenixsecurity16 August 10–12, 2016, in Austin, TX. SIRAcon http://societyinforisk.org/ October-ish 2016 (TBA) The Fifth International Conference on Informatics and Applications (ICIA2016) http://sdiwc.net/conferences/fifth-international-conference-informatics-applications/ November 14-16, 2016 in Takamatsu, Japan 2015 Annual Computer Security Applications Conference http://www.acsac.org/2015/ December 5-9, 2016 in Los Angeles, CA Data-Driven Security Blog: http://dds.ec/blog Data-Driven Security (The book that started it all): http://dds.ec/amzn

Episode 24 In this episode, Bob & Jay talk to Charles Givre who has been doing training sessions for professionals trying to learn data science and recently did a training at a recent BlackHat event. Data-Driven Security Blog: http://dds.ec/blog Data-Driven Security (The book that started it all): http://dds.ec/amzn

Episode 23 In this episode, Bob & Jay talk tools (other than R and Python) for working with data: Excel, Tableau and AWS cloud services. Quick Look plugins: https://github.com/sindresorhus/quick-look-plugins Tableau: http://www.tableau.com/ AWS Main RSS Feed: http://aws.amazon.com/new/feed/ EC2 Official Feed: http://feeds.feedburner.com/AmazonWebServicesBlog ​DevOps Weekly http://www.devopsweekly.com/ Data-Driven Security Blog: http://dds.ec/blog Data-Driven Security (The book that started it all): http://dds.ec/amzn

Episode 22 In this episode, Bob & Jay dissect the looming corpse of security data science with special guest Allison Miller. Data mining firewall logs : Principal Component Analysis: http://blog.davidvassallo.me/2015/10/28/data-mining-firewall-logs-principal-component-analysis/ Machine Learning Is Cybersecurity's Latest Pipe Dream: http://www.darkreading.com/vulnerabilities---threats/machine-learning-is-cybersecuritys-latest-pipe-dream/a/d-id/1322878 Data-Driven Security Blog: http://dds.ec/blog Data-Driven Security (The book that started it all): http://dds.ec/amzn

Episode 21 In this episode, Bob & Jay talk data-driven security conferences with Lane Harrison, an assistant professor in Computer Science at Worcester Polytechnic Institute. SIRACon: https://www.societyinforisk.org/pages/siracon.html VizSec: http://vizsec.org/

Data Driven Security - Episode 20

Episode 19 In this episode, Bob & Jay talk #rstats with Oliver Keyes from the Wikimedia Foundation Wikimedia foundation - https://wikimediafoundation.org/wiki/Home Oliver on Twitter - https://twitter.com/quominus Oliver on GitHub - https://github.com/ R Talk Podcast - http://rtalk.org/ *Not* Oliver's #rstats podcast: http://www.r-podcast.org/ EARL 2015 Boston - http://www.earl-conference.com/boston/ rOpenSec - https://github.com/rOpenSec

Episode 18 In this episode, Bob & Jay have a heated discussion about visualization and security with Brandon Dixon of PassiveTotal Graphical Perception and Graphical Methods for Analyzing Scientific Data (Cleveland/McGill) https://web.cs.dal.ca/~sbrooks/csci4166-6406/seminars/readings/Cleveland_GraphicalPerception_Science85.pdf Automating the Design of Graphical Presentations of Relational Information https://research.tableau.com/sites/default/files/p110-mackinlay.pdf BrailleR http://cran.r-project.org/web/packages/BrailleR/index.html Brandon Dixon - @9bplus https://twitter.com/9bplus Brandon's primary research involves data analysis, tool development and devising strategies to counter threats earlier in their decision cycle. Brandon maintains a blog at blog.9bplus.com where he reports on targeted attacks, open source threat data and analysis tools. His research on various security topics has gained accolades from many major security vendors and fellow researchers. Throughout the years, Brandon has developed several public tools, most notably PassiveTotal, PDF X-Ray and HyperTotal. PassiveTotal http://passivetotal.org/ PassiveTotal Blog http://blog.passivetotal.org The post that started it all! http://blog.passivetotal.org/rethinking-passive-dns-results/ Resources mentioned in the interview Neil Harbisson - I listen to color http://www.ted.com/talks/neil_harbisson_i_listen_to_color?language=en Don Norman - The design of everyday things http://amzn.to/1GS8bjQ D3.js http://d3js.org/ SIMILE Timeline http://www.simile-widgets.org/timeline/ Cal-Heatmap http://kamisama.github.io/cal-heatmap/

Episode 17 In this episode, Bob & Jay continue to get schooled on their 2015 DBIR data visualizations by Lane Harrison VizSec 2015 - http://vizsec.org/ 2015 DBIR - http://verizonenterprise.com/DBIR/2015/ Searchable VizSec archive - http://vizsec.dbvis.de/ Figure 19 Interactive - http://vz-risk.github.io/dbir/2015/19/

Episode 15 In this episode, Bob & Jay get schooled on their 2015 DBIR data visualizations by Lane Harrison VizSec 2015 - http://vizsec.org 2015 DBIR - http://verizonenterprise.com/DBIR/2015/ Searchable VizSec archive - http://vizsec.dbvis.de/ Figure 19 Interactive - http://vz-risk.github.io/dbir/2015/19/