Data Driven Security - all about the analytics

I've been remiss in my blogging duties. I've had some changes in my life recently, but I'd like to get back to posting on a regular basis and there's not real a good reason why I should be able to do that. Allow me to rectify my absentmindedness by talking about the book Data-Driven Security by Jay Jacobs and Bob Rudis.

This was a wonderful book to read as an information security professional. As information security matures (and the world in general) metrics and analytics are going to become a bigger part of the field. We see sabermetrics taking over baseball and other sports for the simple fact that it helps organizations gain a deeper understanding of what the have, which leads to making better decisions. Those same strategies can help many professional fields, including information security.

Each chapter of the book covers a different scenario in which data is analyzed to answer an infosec related question. It also discusses the art of visualization and how to make communicating numbers more useful to people (*cough*executives*cough*). The book exposes the reader to the wonderful world of Python and R studio, both of which are used to analyze and make sense of the data, without requiring too much previous knowledge. Each chapter walks the reader through exercises utilizing pre-built Python scrips in R Studio, just enough to wet the petite.

What I really enjoyed about the book was that it was easy to read. It wasn't bogged down with numbers or big words. Of course, I'm not exactly a newb to reading about statistical analysis. Still, I think people with some interest in data-driven security will find the book a fairly easy read. It's a great starting point for those wanting to explore a discipline in security that is likely to become more and more relevant as security and data matures.

This post first appeared on Exploring Information Security.

The only thing I'm going to say about the Sony mess

I had a long list of links that I was going to use to put together a longform post about the Sony hack titled, "The massive Sony link dump." I am currently in the process of re-evaluating my priorities and what I want to do with my time in regards to this site. A massive post about Sony lost its luster pretty early in the process and was thus axed in the face. In its place I have something much more fun.

SonyAttribution

The guys over at Data Driven Security, who have a wonderful podcast and were recently guests on the PVC Security Podcast (Episode 7 and 9) I produce, put together a site that finally solves the Sony attribution problem. If you don't like that attribution simply refresh the page and you get a new one. It's called the Sony Hack Attribution generator and it's utterly fantastic!

Give it a whirl or two or 50.

This post first appeared on Exploring Information Security.