Posts Tagged ‘analytics’

The Future of Security Automation.

It is entirely possible I am about to have a flying car moment. Recently I have been asked by a variety of product vendors and security consultancies for my opinions on the future direction of security and where they should be focusing their innovation efforts. I’m honestly not sure why I get asked this but I enjoy both the sound of my own voice and free lunches so i’m not complaining. Here is my view on the core of how we will be delivering security in large enterprises in the near-ish future.
(more…)

Security Analytics Beyond Cyber

I presented at 44con 2014 on moving security analytics on from network defense and rapid response towards supporting data-driven and evidence-driven security management, my presentation is on slideshare below:

(more…)

Security Analysis for Humans

Following a highly enjoyable and usefully challenging conversation with Eric Leandri from Qwant.com I was inspired to consider some guiding principles for conducting security analysis.

With an obvious hat tip to the Zen of Python the following is what I am aspiring to meet in the increasingly data-driven security consulting work I am engaged in:

 

If it’s hard to explain, it’s probably bad analysis.

If you’re not making a decision easier what’s the point?

Hypotheses without goals are pointless.

Measurement without hypothesis is not analysis.

Explicit and transparent analysis matters.

Beautifully designed output matters.

Readability matters.

 

 

I’d love feedback from anyone else working in the field.

Twitter RSS