DtR Episode 80 - Lies, Damned Lies, and #InfoSec Statistics [Guests: Jay Jacobs, Bob Rudis]
Down the Security Rabbithole Podcast
English - February 17, 2014 18:00 - 58 minutes - 40.1 MB - ★★★★ - 91 ratingsTech News News Technology cybersecurity enterprise information cyber hacking management risk security Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
In this episode
Jay and Bob talk about their new book
A discussion on using data as 'supporting evidence' rather than gut feelings
Do we have actuarial quality data to answer key security questions?
A discussion on "asking the right question", and why it's THE single most important thing to do
Bob attempts to ask security professionals to use data we already have, to be data-driven
Jay tells us why he wouldn't consider "SQL Injection" a "HIGH" risk ranking - and why data challenges what you THINK you know
Quick shout out to Allison Miller on finding the little needles in the big, big haystack
We think about why security as an industry needs to start looking outside of itself to get its data - now
Jay discusses how there is a definite skills shortage in working with large data sets, and doing analysis
I ask whether there is a chicken and egg problem in large-scale data analysis
Bob brings up the "kill chain" and whether we really need real-time data analysis for attacks
Bob makes a pitch for having a "Cyber CDC" ... stop laughing
Jay laments the absolute bonkers problems dealing with information sharing (when you don't have any to share)
Jay urges you to "count and compare"
Guests
Jay Jacobs ( @JayJacobs ) - www.linkedin.com/pub/jay-jacobs/3/896/4b0, Jay is currently a Principal at Verizon Business
Bob Rudis ( @hrbrmstr ) - www.linkedin.com/in/hrbrmstr, Director. Enterprise Security, IT Risk Management at Liberty Mutual Insurance & Co-author of Data-Driven Security