No More Fudge Factors and Made-up Shit: Performance Numbers That Mean Something

BSidesLV 2015

Presented by: Russell Thomas
Date: Wednesday August 05, 2015
Time: 17:00 - 17:55
Location: Florentine F
Track: Ground Truth

This session presents a credible and powerful method to estimate an aggregate performance index from a grab bag of ground-truth metrics and evidence, even if the ground-truth data are messy. Several case studies will be demonstrated: Vendor Risk Assessment, Vulnerability Management, and Security Operations. Excel and R+Shiny tools will be released.

Russell Thomas

Russell is Security Data Scientist at a Large Financial Firm and a PhD student in Computational Social Science at George Mason University. He's been involved with security metrics and risk analysis since 2007. He has a few decades of experience in the Information Technology sector, including roles as engineer, manager, and consultant, working in design, manufacturing, marketing, IT, and strategy functions. He has a BS in electrical engineering and management from Worcester Polytech. He blogs at "Exploring Possibility Space".

