BSides Las Vegas 2017: How to make metrics and influence people
Using the example of vulnerability data, this talk is about what happens when data science and security collide.
A Data Scientist’s mission to deliver actionable cyber security metrics to CISOs and their teams can easily go wrong. Panaseer’s Security Data Scientist, Dr. Leila Powell, explains how to prevent that from happening.
When you let a Data Scientist loose on security data there’s a ton of things you (and they) need to think about: what you think data science is, and what you expect to get from it; why ‘insight’ is hard to get; how to win the battle of caveats vs usability; and how to communicate analysis when it’s used to solve operational problems or report up to management.
“A few CISOs we’ve recently spoken to told us they are seeing focus at Board level shift away from risk metrics towards performance metrics, because Boards see risk metrics as being ‘things that create more work than they solve.’”