Security Data Science - Getting the Fundamentals Right

Explore the fundamentals of security data science in this 51-minute conference talk from BSidesLV 2019. Delve into essential topics such as background knowledge, metrics code, and the unique challenges posed by antiforensics and parsing in the security field. Learn how to apply Occam's Razor to simplify problem-solving, effectively manage experiments, and ensure that data and experiments support conclusions. Gain insights into the importance of telemetry and understand the concept of adversarial model decay in security contexts. This comprehensive presentation provides valuable guidance for professionals looking to strengthen their approach to security data science and improve their analytical processes.

Intro
My background
The very first question
So what should you do?
Metrics code
The security difference - antiforensics and parsing headaches
The zeroeth step: use Occam's Razor
Manage your experiments
Do your experiments support your conclusions?
Does your data support your conclusions?
You are getting telemetry, right?
The Security Difference - Adversarial model decay