Last week I had the pleasure of delivering a keynote presentation at the IANS Twin Cities Security Forum. Having been involved and participated in IANS events in the past I knew what to expect. They always do a great job with their Security Forums with a very unique format. Probably what I like the most about these forums is the amount of candid information sharing that goes with them – something I’m a big advocate of and what a lot of my presentation was about.
I posted the slides on Slideshare and embedded them below, however; due to the format of the talk there’s not a lot of content within the slides themselves. To give you more context as well as summarize the topics even better than I could, I’m posting a number of references to concepts I spoke about within the keynote. Some of the concepts are simple and easy to grasp while others border more on specific use cases and are a bit more abstract.
References & Credits – GO READ THESE
- A good series of blog posts by Scott Crawford of EMA on Data Driven Security
- Post from Josh Corman on HD Moore’s Law
- Our own post on Traffic Signal rankings and the subsequent comment thread on vulnerability prediction
- CVSS and the Base Rate Fallacy by Jeff Lowder on the SIRA blog
- Security Trend Analysis with CVE Topic Models
- Gunnar Peterson‘s Information Security Debt Clock
- The New School of Information Security – a must read and topic primer
- Ted Talk – Doctors Make Mistakes, Can We Talk About That?