Bob Rudis
Bob Rudis has over 20 years of experience using data to help defend global Fortune 100 companies and is currently [Master] Chief Security Data Scientist at Rapid7. He was formerly a Security Data Scientist & Managing Principal at Verizon, overseeing the team that produces the annual Data Breach Investigations Report. Bob is a serial tweeter (@hrbrmstr), avid blogger (rud.is), author (Data-Driven Security), speaker, and regular contributor to the open source community (github.com/hrbrmstr). He currently serves on the editorial board of SANS Securing The Human program and was co-chair of the 2014 Metricon security metrics/analytics conference. He was chosen as SANS "People Who Made a Difference In Security in 2015" and holds a bachelor's degree in computer science from the University of Scranton.
Customers Also Bought Items By
Are You an Author?
Help us improve our Author Pages by updating your bibliography and submitting a new or current image and biography.
Author Updates
-
Blog postInternational Code Talk Like A Pirate Day almost slipped by without me noticing (September has been a crazy busy month), but it popped up in the calendar notifications today and I was glad that I had prepped the meat of a post a few weeks back.
There will be no ‘rrrrrr’ abuse in this post, I’m afraid, but there will be plenty of R code.
We’re going to combine pirate day with “pirating” data, in the sense that I’m going to show one way on how to use the web scraping powers of R5 days ago Read more -
Blog postI was socially engineered by @yoniceedee into creating today’s post due to being prodded with this tweet:
Where to see the best fall foliage, based on your location: https://t.co/12pQU29ksB pic.twitter.com/JiywYVpmno
— Vox (@voxdotcom) September 18, 2017 Since there aren’t nearly enough sf and geom_sf examples out on the wild, wild #rstats web, here’s a short one that shows how to do basic sf operations, including how to plot sf objects in ggplot2 and animate a series of them w6 days ago Read more -
Blog postinsert(post, "{ 'standard_disclaimer' : 'My opinion, not my employer\'s' }") This is a post about the fictional company FredCo. If the context or details presented by the post seem familiar, it’s purely coincidental. This is, again, a fictional story. Let’s say FredCo had a pretty big breach that (fictionally) garnered media, Twitterverse, tech-world and Government-level... Continue reading →1 week ago Read more
-
Blog postEpisode 30
In this episode, Jay and Bob talk about the 2016 Verizon Data Breach Investigations Report (DBIR). But rather than talk about the insights and data analysis they focus in on the data visualizations. They are joined by Lane Harrison from Worcester Polytechnic Institute (WPI) and Ana Antanasoff and Gabrial Bassett from Verizon's Security Research Team.
Verizon DBIR1 year ago Read more -
Blog postEpisode 29
In this episode, Jay and Bob talk about power laws and their application in cyber security. First, they talk with Marshall Kuypers, a PhD candidate in Management Science and Engineering at Stanford University and discuss power laws in general. Second, they sit down with Michael Roytman, Data Scientist and Kenna Security to talk about power laws in cyber security.
Power Laws Probability Distributions1 year ago Read more -
Blog postEpisode 28
In this episode, Jay sat down with Doug Hubbard and Richard Seiersen to talk about their upcoming book "How to Measure Anything in Cybersecurity Risk". Bob talks about the rOpenSci unconference and the two talk about 2 recent publications.
rOpenSci rNOAA When-ish is my Bus (pdf) Dell Secureworks Underground Hacker Marketplace Report How to Measure Anything in Cybersecurity Risk1 year ago Read more -
Blog postStraight from the Book of PEP
thou shalt have no other languages before me thou shalt not compare me to R thou shalt not take the name of python or scikit-learn in vain keep holy the juypter notebook honour thy pip and thy modules thou shalt not ^C any running program, but shall exit cleanly thou shalt not “experiment” with R thou shalt utilize the whole CPU for thine is a single thread thou shalt not defame lesser languages (e.g. all of t2 years ago Read more -
Blog postEpisode 27
In this post-RSA conference episode, Jay participated with StoryCorps along with Wade Baker and the two reflected on their time working together on the Verizon Data Breach Investigations Report.
Find out more about StoryCorps at https://storycorps.org/2 years ago Read more -
Blog postEpisode 26
In this episode, Bob sits down with co-workers on the data science team at Rapid 7. They explore the future of security data science, Heisenberg and Project Sonar.
Keep on top of Heisenberg developments at http://community.rapid7.com/ Find out more about Project Sonar at http://sonar.labs.rapid7.com/ and http://scans.io/ Get tools to work with both at http://github.com/rapid72 years ago Read more -
Blog postEpisode 25
In this episode, Bob & Jay talk amongst themselves. First they cover some recent work from Jay looking at Peer-to-Peer traffic and then they transition into conferences in 2016 with some element of being Data-Driven.
FloCon 2016 (you just missed it!)
January 9–12, 2017 in San Diego, CA
http://www.cert.org/flocon/ ShmooCon 2016
http://shmoocon.org/
January 15-17, 2016 in Washington, D.C. 2016 Cyber Risk Insights Conference
http://w2 years ago Read more -
Blog postWhile I may not be able to attend the 2016 RSA Conference, I can provide some recommendations for those seeking a more data-driven schedule between parties and recovery breakfasts.
There is a high likelihood that Advancing Information Risk Practices Seminar will have sage & practical advice on how to use data to best manage risk in your organization. The always amazing Anton Chuvakin’s session on Demystifying Security Analytics: Data, Methods, Use Cases will be a great prime2 years ago Read more -
Blog postEpisode 24
In this episode, Bob & Jay talk to Charles Givre who has been doing training sessions for professionals trying to learn data science and recently did a training at a recent BlackHat event.
Data-Driven Security: The Blog Data-Driven Security: The Book2 years ago Read more -
Blog postWe’re starting off the new year with two new ways to listen to the Data-Driven Security Podcast!
First, we have our own Overcast station fully loaded with the previous two seasons of shows. You can listen to them online right on Overcast.fm or use their minimalist but highly functional app for iOS.
You can also find and add the podcast on TuneIn! It was crazy-cool to be able to tell the Amazon Echo: “Alexa, tune in to the Data-Driven Security podcast” and have it actually work2 years ago Read more -
Blog postEpisode 23
In this episode, Bob & Jay talk tools (other than R and Python) for working with data: Excel, Tableau and AWS cloud services.
Quick Look plugins Tableau 023.m4aom/new/feed/">AWS Main RSS Feed EC2 Official Feed Quick Look plugins Data-Driven Security: The Blog Data-Driven Security: The Book2 years ago Read more -
Blog postThere is a lot of misperception around sample sizes and the confusion happens on both sides of the research. A common question when researchers are starting out is, “How big should my sample size be?.” To help with that, there are handy calculators all over the Internet. But the more troubling part of misunderstanding sample size happens when people consume research and attempt to dismiss it claiming the sample size is too small. To make matters worse, we are in the age of big data where mill2 years ago Read more
-
Blog postEpisode 22
In this episode, Bob & Jay dissect the looming corpse of security data science with special guest Allison Miller.
Data mining firewall logs : Principal Component Analysis Machine Learning Is Cybersecurity's Latest Pipe Dream Data-Driven Security: The Blog Data-Driven Security: The Book2 years ago Read more -
Blog postEpisode 21
In this episode, Bob & Jay talk data-driven security conferences with Lane Harrison, an assistant professor in Computer Science at Worcester Polytechnic Institute.
SIRACon VizSec2 years ago Read more -
Blog postEpisode 20
In this episode, Bob & Jay talk security research with Ben Edwards, a security researcher with the University of New Mexico.
Ben's List of Research Papers The Complex Science of Cyber Defense Hype and Heavy Tails: A Closer Look at Data Breaches (pdf)2 years ago Read more -
Blog postWe have some strange data in cybersecurity. One of the (IMO) stranger data files is a Domain Name System (DNS) zone file. This file contains mappings between domain names and IP addresses (and other things) represented by “resource records”.
Here’s an example for the dummy/example domain example.com:
$ORIGIN example.com. ; designates the start of this zone file in the namespace $TTL 1h ; default expiration time of all resource records without their own TTL value example.com.2 years ago Read more -
Blog postEpisode 19
In this episode, Bob & Jay talk #rstats with Oliver Keyes from the Wikimedia Foundation.
Wikimedia foundation - https://wikimediafoundation.org/wiki/Home Oliver on Twitter - https://twitter.com/quominus Oliver on GitHub - https://github.com/ironholds R Talk Podcast - http://rtalk.org/ *Not* Oliver's #rstats podcast: http://www.r-podcast.org/ EARL 2015 Boston - http://www.earl-conference.com/boston/ rOpenSec - https://github.com/rOpenSec2 years ago Read more -
Blog postThis was (initially) going to be a blog post announcing the new mhn R package (more on what that is in a bit) but somewhere along the way we ended up taking a left turn at Albuquerque (as we often do here at ddsec hq) and had an adventure in a twisty maze of Modern Honey Network passages that we thought we’d relate to everyone.
Episode 0 : The Quest! We find our intrepid heroes data scientists finally getting around to playing with the Modern Honey Network (MHN) software tha2 years ago Read more -
Blog postWe just did a github release for an R package that provides an interface to the DomainTools API. It provides access to the core API functions that aren’t restricted (i.e. the ones we have access to):
domaintools_api_key: Get or set DOMAINTOOLS_API_KEY value domaintools_username: Get or set DOMAINTOOLS_API_USERNAME value domain_profile: Domain Profile hosting_history: Hosting History parsed_whois: Parsed Whois reverse_ip: Reverse IP reverse_ns: Reverse Nameser2 years ago Read more -
Blog postFor those not involved with all things “cyber”, let me start with a description of what Shodan is (though visiting the site is probably the best introduction to what secrets it holds).
Shodan is—at it’s core—a search engine. Unlike Google, Shodan indexes what I’ll call “cyber” metadata and content about everything accessible via a public IP address. This means things like
routers, switches and cable/DSL/FiOS modems (which are the underpinnings of our innternet acces2 years ago Read more -
Blog postUPDATE: RBerkeley is now on CRAN
If you made it to Chapter 8 of Data-Driven Security after ~October 2014 and tried to run the BerkeleyDB R example, you were greeted with:
Warning in install.packages : package ‘RBerkely’ is not available (for R version [YOUR_R_VERSION]) That’s due to the fact that it was removed from CRAN at the end of September, 2014 because the package author & maintainer did not respond to requests from the CRAN team to update the package to c2 years ago Read more -
Blog postThe R world has come a long way since Jay & I wrote Data-Driven Security. We had to make a conscious decision to stick with R 2.14.0 (R is at version 3.2.1 now) and packages such as knitr and dplyr either didn’t exist or were in their infancy.
In Chapter 4, we showed some very basic exploratory data analysis and visualization. One of those examples showed how to do a basic network visualization of the ZeuS botnet nodes, clustered by country of origin.
We turned s2 years ago Read more -
Blog postEpisode 18
In this episode, Bob & Jay have a heated discussion about visualization and security with Brandon Dixon of PassiveTotal
Brandon's primary research involves data analysis, tool development and devising strategies to counter threats earlier in their decision cycle. Brandon maintains a blog at http://blog.9bplus.com where he reports on targeted attacks, open source threat data and analysis tools. His research on various security topics has gained accolades from man2 years ago Read more -
Blog postEpisode 17
In this episode, Bob & Jay continue to get schooled on their 2015 DBIR data visualizations by Lane Harrison
VizSec 2015 - http://vizsec.org/ 2015 DBIR - http://verizonenterprise.com/DBIR/2015/ Searchable VizSec archive - http://vizsec.dbvis.de/ Figure 19 Interactive - http://vz-risk.github.io/dbir/2015/19/2 years ago Read more -
Blog postEpisode 16
In this episode, Bob & Jay get schooled on their 2015 DBIR data visualizations by Lane Harrison
VizSec 2015 - http://vizsec.org/ 2015 DBIR - http://verizonenterprise.com/DBIR/2015/ Searchable VizSec archive - http://vizsec.dbvis.de/ Figure 19 Interactive - http://vz-risk.github.io/dbir/2015/19/2 years ago Read more -
Blog postEpisode 15
In this episode, Bob & Jay provide your data-driven guide to BSides SF & RSA 2015
https://bsidessf2015.sched.org/event/2111124302d7368414eaff6e4e4ddf50 https://bsidessf2015.sched.org/event/d67eb601f2047dbec37f7de91c5e18a9 https://www.rsaconference.com/events/us15/agenda/sessions/1736/vulnerability-management-nirvana-a-study-in https://www.rsaconference.com/events/us15/agenda/sessions/1672/security-data-science-from-theory-to-reality https://www.rsaconference.com2 years ago Read more -
Blog postEpisode 14 In this episode, Jay & Bob get a data-driven conference review from Mike Sconzo & Jason Trost
Jason Trost Mike Sconzo Flocon 2015 Proceedings ShmooCon 2015 MC2 Workshop on Data-Driven Approaches to Security and Privacy
This podcast is a companion to Data-Driven Security (the book) & Data-Driven Security (the blog). You can find us on Twitter at @ddsecblog / @ddsecpodcast & directly at @hrbrmstr / @jayjacobs.
3 years ago Read more -
Blog postEpisode 13
In this episode, Jay & Bob deconstruct VizSec 13 with Lane Harrison & Sophie Engle
Sophie Engle Lane Harrison @VizSec Website: VizSec.org VizSec papers site (from @f2cx) VizSec 2014 Videos3 years ago Read more -
Blog postEpisode 12
In this episode, Jay & Bob put the “Myths of Security Data Science” to the test with three denizens of the SDS Rogues Gallery (Alex Pinto, Michael Roytman & David Severski) + answer listener questions and give a shout out to Seaborn
Watch the UNEDITED BLOOPER REEL!
Alex Pinto @mlsecproject
Michael Roytman @riskio
David Severski David's Blog
Seaborn Data-Driven Security 30% off!3 years ago Read more -
Blog postEpisode 11
In this episode, Jay & Bob talk Squirrels, Pigs & Maps with Preeminent Data Scientist Jason Trost from ThreatStream, and take a look at what's made the headlines in the data science community since last show.
Watch the UNEDITED BLOOPER REEL! Jason Trost covert.io blog ThreatStream Clairvoyant Squirrel: Large Scale Malicious Domain Classification Binary Pig Binary Pig github repo Modern Honey Network Roll Your Own IP Attack Graphs with IPew Map or Don't Map DAVIX3 years ago Read more -
Blog postEpisode 10
In this episode, Jay & Bob have a community discussion with John Langton & Alex Baker about their security data analysis & visualization startup: VisiTrend, and take a look at what's made the headlines in the data science community since last show.
Resources / people featured in the show:
VisiTrend - visitrend (twitter) Data science can't be point and click In-depth introduction to machine learning in 15 hours of expert videos Data Playlists Running3 years ago Read more -
Blog postEpisode 9
In this episode, Jay & Bob have a late night conversation with Mike Sconzo from Click Security about what got him into security data science along with a great discussion about machine learning and round out the show with a data science internet roundup
Resources / people featured in the episode:
Mike Sconzo - @sooshie B-Sides Machine Learning Click Security Data Hacking Data science: how is it different to statistics? - IMS Bulletin The Importance Of 'Janito3 years ago Read more -
Blog postEpisode 8
In this episode, Jay & Bob invite “The Gang” - Russell Thomas, Michael Roytman & Alex Pinto - back on to see what they’ve been up to since January, including recent talks and research projects, plus give a sneak peak into SIRAcon 2014 where they’ll all be presenting!
Resources / people featured in the episode:
Michael Roytman - @mroytman The Power Law of Information Alex Pinto - @alexcpsec Measuring the IQ of your Threat Intelligence feeds Secure Because3 years ago Read more -
Blog postEpisode 7
In this episode, Jay & Bob enter the echo chamber with Andrew Hay and Thibault Reuille of OpenDNS to talk about their new security data analysis/visualization tool - OpenGraphiti - being announced at BlackHat. Listen in to learn about how graph analysis can take your security practice to a whole other dimension.
Resources / people featured in the episode:
BlackHat Talk + Speaker profile OpenDNS + @opendns Thibault Reuille Andrew Hay Skyler Hawthorne OpenGraph3 years ago Read more -
Blog postEpisode 6
In this episode, Jay & Bob have a late-night chat with Stephen Boyer, CTO of BitSight about discerning information about the security health of an organization solely through what can be publicly observed and the tools & infrastructure such an undertaking requires. You'll also hear Stephen's thoughts on reproducible security research, what he looks for in a data scientist and how to communicate results clearly & effectively.
Resources / people featured in3 years ago Read more -
Blog postEpisode 5
In this episode, Jay & Bob sit down with David Severski, Manager of the Information Security program at Seattle Children's Hospital to talk about the challenges & rewards of building a data-driven security program from the ground up. Along the way, they cover education, tools, engaging the community and what lies ahead for data-driven security.
Resources / people featured in the episode:
David Severski's Blog - http://blog.severski.net/ Building a Log Ana3 years ago Read more -
Blog postEpisode 4
In this episode Bob & Jay talk with Kymberlee Price @kym_possible about her work with vulnerability data at BlackBerry and her real-life superheroic philanthropic work.
Resources / people featured in the episode:
One Spark Foundation - https://www.facebook.com/onesparkcanstartafire [FB] Beading Divas (Greyhound and general animal welfare advocates) Help Aidan Love Fight Cancer Project Genesis (advocacy and support for victims of human trafficking, Seattle has4 years ago Read more -
Blog postEpisode 3
METRICON 9/RSA 2014 EDITION!
In this episode Bob & Jay debrief from their exploits in San Francisco, including an in-depth look at the happenings at METRICON 9 and showcasing some the data-driven companies on the RSA show floor. They also discuss some recent blog posts and give a preview of upcoming podcast guests.
Resources / people featured in the episode:
METRICON 9 Agenda METRICON 9 - Storified Kymberlee Price Michael Roytman Paper by Roytman and4 years ago Read more -
Blog postEpisode 2!
In this episode of the Data Driven Security Podcast, Bob and Jay review the DDS coverage of Harvard's "Weathering the Data Storm" symposium including some specific focus on the IPython talk by Fernando Pérez, Cynthia Rudin's "Manhole Event" paper and the pretty consistent theme of "need to prove your models in little data before driving them to scale". Then, they execute a whirlwind review of recent blog posts, give a preview of an upcom4 years ago Read more -
Blog postEpisode 1
In this episode, Bob & Jay invite Alex Pinto (@alexcpsec), Michael Roytman (@mroytman) & Russ Thomas (@mrmeritology) on to the show to discuss what makes up "security data science". They delve into the tools of the trade, posit on future of the intersection of security and data science and relate their own personal & professional experiences trying to introduce "data science" into infosec. Bob & Jay also talk about recent blog posts and do4 years ago Read more -
Blog postEpisode 0
In this inaugural episode of the Data Driven Security Podcast, Bob and Jay introduce the podcast and themselves, showcase the new Data Driven Security blog and shill their upcoming book: Data Driven Security being published by Wiley Press in 2014.
Resources mentioned in the episode:
DDS blog DDS inaugural blog post Buy the book! Jay's personal blog Bob's personal blog Nathan Yau DDSec Home4 years ago Read more
Books by Bob Rudis
Showing 1 Result Books : Advanced Search
- All Formats
- Kindle Edition
- Paperback
See search results for author "Bob Rudis" in Books
|
|
More Information› Are you an author? Visit Author Central to change your photo, edit your biography, and more› See Author Pages Frequently Asked Questions › Anything else? Provide feedback about this page |
There's a problem loading this menu right now.
Get fast, free shipping with Amazon Prime
Prime members enjoy FREE Two-Day Shipping and exclusive access to music, movies, TV shows, original audio series, and Kindle books.
Back to top
Get to Know Us
Make Money with Us
Amazon Payment Products
- Conditions of Use
- Privacy Notice
- Interest-Based Ads
- © 1996-2017, Amazon.com, Inc. or its affiliates