A podcast on the journey to discovery through data in information security by Jay Jacobs and Bob Rudis. Episode 6: Insightful conversation with BitSight’s Stephen Boyer
Episode 6
In this episode, Jay & Bob have a late-night chat with Stephen Boyer, CTO of BitSight, about discerning information about the security health of an organization solely through what can be publicly observed, and the tools & infrastructure such an undertaking requires. You'll also hear Stephen's thoughts on reproducible security research, what he looks for in a data scientist, and how to communicate results clearly & effectively.
Resources / people featured in the episode:
- Stephen's Twitter Handle (@swboyer)
- BitSight - https://bitsighttech.com/
- BitSight Insights - (Most recent report)
- Python
- IPython
- Data breach notifications BitSight post. They are tracking the legal side pretty closely and reference some work where we published FOIA results in healthcare.
- Info about reproducible research
In This Episode
Time Index | Title |
00:00:00 | Data Driven Security - Episode 6 |
00:00:36 | Welcome! |
00:01:07 | Introducing Stephen Boyer |
00:01:51 | hrbrmstr's new gig |
00:04:50 | A bit about BitSight |
00:07:36 | What can we measure to tell us how secure an organization is? |
00:10:40 | Observables & hygiene |
00:11:49 | What are the challenges in collecting only external public information? |
00:14:48 | Uncertainty & attribution |
00:19:55 | Deciding when to acquire more data |
00:23:40 | Tools of the trade |
00:26:27 | Foundations on reproducible research |
00:30:20 | What do you look for in a data scientist/team? |
00:37:19 | Evolution of a security hygiene index |
00:41:51 | Communicating results |
00:45:44 | Securing security data |
00:50:42 | BitSight Industry Insights Report |
00:53:09 | The value of an electronic medical record |
01:03:08 | What advice/guidance can you give to organizations looking to become more data-driven? |
01:09:30 | Closing thoughts |