Dominating the DBIR Data

Explore the intricacies of data analysis in cybersecurity through this comprehensive BSidesLV conference talk. Delve into the process of handling and interpreting data from the Verizon Data Breach Investigations Report (DBIR). Learn about data collection, cleaning, storage, and conversion techniques, with a focus on the VERIS schema. Discover methods for exploring datasets, generating hypotheses, and validating findings. Gain insights into the challenges of non-standard data sources, non-incident data, and the complexities of dataset definition. Understand the importance of consistent and quality figure generation, as well as the validation of analysis results. Prepare for future challenges in data complexity as you enhance your skills in cybersecurity data analysis.

Introduction
What is data?
Getting data
Non-standard source data
Removing things from raw data
Storing data
Converting data to JSON (scripts)
A word about our schema: VERIS
Converting data to JSON (schema)
Validating Data
Exploring the data
Finding novel findings (hypotheses)
A word about non-incident data
Deciding what constitutes the dataset
Generating statistics (hypotheses)
Validation - Generating consistent, quality figures
Validating analysis (hypotheses)
Looking ahead
The complexity apocalypse