Feb 17, 2014

In this episode

  • Jay and Bob talk about their new book
  • A discussion on using data as 'supporting evidence' rather than gut feelings
  • Do we have actuarial quality data to answer key security questions?
  • A discussion on "asking the right question", and why it's THE single most important thing to do
  • Bob attempts to ask security professionals to use data we already have, to be data-driven
  • Jay tells us why he wouldn't consider "SQL Injection" a "HIGH" risk ranking - and why data challenges what you THINK you know
  • Quick shout out to Allison Miller on finding the little needles in the big, big haystack
  • We think about why security as an industry needs to start looking outside of itself to get its data - now
  • Jay discusses how there is a definite skills shortage in working with large data sets, and doing analysis
  • I ask whether there is a chicken and egg problem in large-scale data analysis
  • Bob brings up the "kill chain" and whether we really need real-time data analysis for attacks
  • Bob makes a pitch for having a "Cyber CDC" ... stop laughing
  • Jay laments the absolutely bonkers problems dealing with information sharing (when you don't have any to share)
  • Jay urges you to "count and compare"