Down The Security Rabbithole

In this episode Jay and Bob talk about their new book A discussion on using data as 'supporting evidence' rather than gut feelings Do we have actuarial quality data to answer key security questions? A discussion on "asking the right question", and why it's THE single most important thing to do Bob attempts to ask security professionals to use data we already have, to be data-driven Jay tells us why he wouldn't consider "SQL Injection" a "HIGH" risk ranking - and why data challenges what you THINK you know Quick shout out to Allison Miller on finding the little needles in the big, big haystack We think about why security as an industry needs to start looking outside of itself to get its data - now Jay discusses how there is a definite skills shortage in working with large data sets, and doing analysis I ask whether there is a chicken and egg problem in large-scale data analysis Bob brings up the "kill chain" and whether we really need real-time data analysis for attacks Bob makes a pitch for having a "Cyber