Data science is not just a set of algorithms - it's a discipline. There are many things we need to think about when we pull data from security tools, like vulnerability scanners, analyse it and present insights. This, however, is still only the beginning. In order for our analysis to have influence, we need to leverage this approach to create metrics that can actually drive improvement in security processes and help reduce risk.
During this process, there'll be many painful questions to answer, like: "How do I choose what to measure?"; "Why doesn't anyone seem engaged with these metrics, even though they asked for them!?"; and "What do I do when everyone seems to disagree on where the risk is?"
This talk will demonstrate how you can use data science to give everyone from IT Ops to the CISO a shared way of looking at a risk problem that they all buy into. We'll review metrics that a team in a global financial are using to make strategic decisions and show how these relate directly to tactical tasks, enabling security and IT to prioritize effectively, and measure their success.