
About Bob Rudis
Author Updates
- Blog post: Brim Security maintains a free, Electron-based desktop GUI for exploration of PCAPs and select cybersecurity logs, along with a broad ecosystem of tools which can be used independently of the GUI.
The standalone or embedded zqd server, as well as the zq command line utility let analysts run ZQL (a domain-specific query language) queries on cybersecurity data sources.
The Brim team maintains a Python module that is capable of working with the zqd HTTP API and my nascent
4 days ago
- Blog post: Horrible puns aside, hopefully everyone saw the news, earlier this week, from @thomasp85 on the evolution of modern typographic capabilities in the R ecosystem. Thomas (and some cohorts) has been working on {systemfonts}, {ragg}, and {textshaping} for quite a while now, and the — shall we say tidyglyphs ecosystem — is super-ready for prime time.
Thomas covered a seriously large amount of ground in his post, so please take some time to digest that before continuing.
Back?
1 week ago
- Blog post: 💙 Expand for EKG code
library(hrbrthemes)
library(elementalist) # remotes::install_github("teunbrand/elementalist")
library(ggplot2)

read_csv(
  file = "~/Data/apple_health_export/electrocardiograms/ecg_2020-09-24.csv", # this is extracted below
  skip = 12,
  col_names = "µV"
) %>%
  mutate(
    idx = 1:n()
  ) -> ekg

ggplot() +
  geom_line_theme(
    data = ekg %>% tail(3000) %>% head(2500),
    aes(idx, µV),
    size = 0.125, color = "#cb181d"
  ) +
  labs(x..
2 weeks ago
- Blog post: Episode 30
In this episode, Jay and Bob talk about the 2016 Verizon Data Breach Investigations Report (DBIR). But rather than talk about the insights and data analysis they focus in on the data visualizations. They are joined by Lane Harrison from Worcester Polytechnic Institute (WPI) and Ana Antanasoff and Gabrial Bassett from Verizon's Security Research Team.
Verizon DBIR
5 years ago
- Blog post: Episode 29
In this episode, Jay and Bob talk about power laws and their application in cyber security. First, they talk with Marshall Kuypers, a PhD candidate in Management Science and Engineering at Stanford University, and discuss power laws in general. Second, they sit down with Michael Roytman, Data Scientist at Kenna Security, to talk about power laws in cyber security.
Power Laws Probability Distributions
5 years ago
- Blog post: Episode 28
In this episode, Jay sat down with Doug Hubbard and Richard Seiersen to talk about their upcoming book "How to Measure Anything in Cybersecurity Risk". Bob talks about the rOpenSci unconference and the two talk about 2 recent publications.
rOpenSci rNOAA When-ish is my Bus (pdf) Dell Secureworks Underground Hacker Marketplace Report How to Measure Anything in Cybersecurity Risk
5 years ago
- Blog post: Straight from the Book of PEP
thou shalt have no other languages before me
thou shalt not compare me to R
thou shalt not take the name of python or scikit-learn in vain
keep holy the jupyter notebook
honour thy pip and thy modules
thou shalt not ^C any running program, but shall exit cleanly
thou shalt not “experiment” with R
thou shalt utilize the whole CPU for thine is a single thread
thou shalt not defame lesser languages (e.g. all of t
5 years ago
- Blog post: Episode 27
In this post-RSA conference episode, Jay participated with StoryCorps along with Wade Baker and the two reflected on their time working together on the Verizon Data Breach Investigations Report.
Find out more about StoryCorps at https://storycorps.org/
5 years ago
- Blog post: Episode 26
In this episode, Bob sits down with co-workers on the data science team at Rapid 7. They explore the future of security data science, Heisenberg and Project Sonar.
Keep on top of Heisenberg developments at http://community.rapid7.com/
Find out more about Project Sonar at http://sonar.labs.rapid7.com/ and http://scans.io/
Get tools to work with both at http://github.com/rapid7
5 years ago
- Blog post: Episode 25
In this episode, Bob & Jay talk amongst themselves. First they cover some recent work from Jay looking at Peer-to-Peer traffic and then they transition into conferences in 2016 with some element of being Data-Driven.
FloCon 2016 (you just missed it!)
January 9–12, 2017 in San Diego, CA
http://www.cert.org/flocon/
ShmooCon 2016
http://shmoocon.org/
January 15-17, 2016 in Washington, D.C.
2016 Cyber Risk Insights Conference
http://w
5 years ago
- Blog post: While I may not be able to attend the 2016 RSA Conference, I can provide some recommendations for those seeking a more data-driven schedule between parties and recovery breakfasts.
There is a high likelihood that Advancing Information Risk Practices Seminar will have sage & practical advice on how to use data to best manage risk in your organization. The always amazing Anton Chuvakin’s session on Demystifying Security Analytics: Data, Methods, Use Cases will be a great prime
5 years ago
- Blog post: Episode 24
In this episode, Bob & Jay talk to Charles Givre who has been doing training sessions for professionals trying to learn data science and recently did a training at a recent BlackHat event.
Data-Driven Security: The Blog Data-Driven Security: The Book
5 years ago
- Blog post: We’re starting off the new year with two new ways to listen to the Data-Driven Security Podcast!
First, we have our own Overcast station fully loaded with the previous two seasons of shows. You can listen to them online right on Overcast.fm or use their minimalist but highly functional app for iOS.
You can also find and add the podcast on TuneIn! It was crazy-cool to be able to tell the Amazon Echo: “Alexa, tune in to the Data-Driven Security podcast” and have it actually work
5 years ago
- Blog post: Episode 23
In this episode, Bob & Jay talk tools (other than R and Python) for working with data: Excel, Tableau and AWS cloud services.
Quick Look plugins Tableau AWS Main RSS Feed EC2 Official Feed Quick Look plugins Data-Driven Security: The Blog Data-Driven Security: The Book
5 years ago
- Blog post: There is a lot of misperception around sample sizes and the confusion happens on both sides of the research. A common question when researchers are starting out is, “How big should my sample size be?” To help with that, there are handy calculators all over the Internet. But the more troubling part of misunderstanding sample size happens when people consume research and attempt to dismiss it claiming the sample size is too small. To make matters worse, we are in the age of big data where mill
5 years ago
- Blog post: Episode 22
In this episode, Bob & Jay dissect the looming corpse of security data science with special guest Allison Miller.
Data mining firewall logs : Principal Component Analysis Machine Learning Is Cybersecurity's Latest Pipe Dream Data-Driven Security: The Blog Data-Driven Security: The Book
5 years ago
- Blog post: Episode 21
In this episode, Bob & Jay talk data-driven security conferences with Lane Harrison, an assistant professor in Computer Science at Worcester Polytechnic Institute.
SIRACon VizSec
5 years ago
- Blog post: Episode 20
In this episode, Bob & Jay talk security research with Ben Edwards, a security researcher with the University of New Mexico.
Ben's List of Research Papers The Complex Science of Cyber Defense Hype and Heavy Tails: A Closer Look at Data Breaches (pdf)
5 years ago
- Blog post: We have some strange data in cybersecurity. One of the (IMO) stranger data files is a Domain Name System (DNS) zone file. This file contains mappings between domain names and IP addresses (and other things) represented by “resource records”.
Here’s an example for the dummy/example domain example.com:
$ORIGIN example.com. ; designates the start of this zone file in the namespace
$TTL 1h ; default expiration time of all resource records without their own TTL value
example.com.
5 years ago
- Blog post: Episode 19
In this episode, Bob & Jay talk #rstats with Oliver Keyes from the Wikimedia Foundation.
Wikimedia foundation - https://wikimediafoundation.org/wiki/Home
Oliver on Twitter - https://twitter.com/quominus
Oliver on GitHub - https://github.com/ironholds
R Talk Podcast - http://rtalk.org/
*Not* Oliver's #rstats podcast: http://www.r-podcast.org/
EARL 2015 Boston - http://www.earl-conference.com/boston/
rOpenSec - https://github.com/rOpenSec
6 years ago
- Blog post: This was (initially) going to be a blog post announcing the new mhn R package (more on what that is in a bit) but somewhere along the way we ended up taking a left turn at Albuquerque (as we often do here at ddsec hq) and had an adventure in a twisty maze of Modern Honey Network passages that we thought we’d relate to everyone.
Episode 0 : The Quest!
We find our intrepid heroes data scientists finally getting around to playing with the Modern Honey Network (MHN) software tha
6 years ago
- Blog post: We just did a github release for an R package that provides an interface to the DomainTools API. It provides access to the core API functions that aren’t restricted (i.e. the ones we have access to):
domaintools_api_key: Get or set DOMAINTOOLS_API_KEY value
domaintools_username: Get or set DOMAINTOOLS_API_USERNAME value
domain_profile: Domain Profile
hosting_history: Hosting History
parsed_whois: Parsed Whois
reverse_ip: Reverse IP
reverse_ns: Reverse Nameser
6 years ago
- Blog post: For those not involved with all things “cyber”, let me start with a description of what Shodan is (though visiting the site is probably the best introduction to what secrets it holds).
Shodan is—at its core—a search engine. Unlike Google, Shodan indexes what I’ll call “cyber” metadata and content about everything accessible via a public IP address. This means things like
routers, switches and cable/DSL/FiOS modems (which are the underpinnings of our internet acces
6 years ago
- Blog post: UPDATE: RBerkeley is now on CRAN
If you made it to Chapter 8 of Data-Driven Security after ~October 2014 and tried to run the BerkeleyDB R example, you were greeted with:
Warning in install.packages : package ‘RBerkely’ is not available (for R version [YOUR_R_VERSION])
That’s due to the fact that it was removed from CRAN at the end of September, 2014 because the package author & maintainer did not respond to requests from the CRAN team to update the package to c
6 years ago
- Blog post: The R world has come a long way since Jay & I wrote Data-Driven Security. We had to make a conscious decision to stick with R 2.14.0 (R is at version 3.2.1 now) and packages such as knitr and dplyr either didn’t exist or were in their infancy.
In Chapter 4, we showed some very basic exploratory data analysis and visualization. One of those examples showed how to do a basic network visualization of the ZeuS botnet nodes, clustered by country of origin.
We turned s
6 years ago
- Blog post: Episode 18
In this episode, Bob & Jay have a heated discussion about visualization and security with Brandon Dixon of PassiveTotal
Brandon's primary research involves data analysis, tool development and devising strategies to counter threats earlier in their decision cycle. Brandon maintains a blog at http://blog.9bplus.com where he reports on targeted attacks, open source threat data and analysis tools. His research on various security topics has gained accolades from man
6 years ago
- Blog post: Episode 17
In this episode, Bob & Jay continue to get schooled on their 2015 DBIR data visualizations by Lane Harrison
VizSec 2015 - http://vizsec.org/
2015 DBIR - http://verizonenterprise.com/DBIR/2015/
Searchable VizSec archive - http://vizsec.dbvis.de/
Figure 19 Interactive - http://vz-risk.github.io/dbir/2015/19/
6 years ago
- Blog post: Episode 16
In this episode, Bob & Jay get schooled on their 2015 DBIR data visualizations by Lane Harrison
VizSec 2015 - http://vizsec.org/
2015 DBIR - http://verizonenterprise.com/DBIR/2015/
Searchable VizSec archive - http://vizsec.dbvis.de/
Figure 19 Interactive - http://vz-risk.github.io/dbir/2015/19/
6 years ago
- Blog post: Episode 15
In this episode, Bob & Jay provide your data-driven guide to BSides SF & RSA 2015
https://bsidessf2015.sched.org/event/2111124302d7368414eaff6e4e4ddf50
https://bsidessf2015.sched.org/event/d67eb601f2047dbec37f7de91c5e18a9
https://www.rsaconference.com/events/us15/agenda/sessions/1736/vulnerability-management-nirvana-a-study-in
https://www.rsaconference.com/events/us15/agenda/sessions/1672/security-data-science-from-theory-to-reality
https://www.rsaconference.com
6 years ago
- Blog post: Episode 14
In this episode, Jay & Bob get a data-driven conference review from Mike Sconzo & Jason Trost
Jason Trost Mike Sconzo Flocon 2015 Proceedings ShmooCon 2015 MC2 Workshop on Data-Driven Approaches to Security and Privacy
This podcast is a companion to Data-Driven Security (the book) & Data-Driven Security (the blog). You can find us on Twitter at @ddsecblog / @ddsecpodcast & directly at @hrbrmstr / @jayjacobs.
6 years ago
- Blog post: Episode 13
In this episode, Jay & Bob deconstruct VizSec 13 with Lane Harrison & Sophie Engle
Sophie Engle Lane Harrison @VizSec Website: VizSec.org VizSec papers site (from @f2cx) VizSec 2014 Videos
6 years ago
- Blog post: Episode 12
In this episode, Jay & Bob put the “Myths of Security Data Science” to the test with three denizens of the SDS Rogues Gallery (Alex Pinto, Michael Roytman & David Severski) + answer listener questions and give a shout out to Seaborn
Watch the UNEDITED BLOOPER REEL!
Alex Pinto @mlsecproject
Michael Roytman @riskio
David Severski David's Blog
Seaborn Data-Driven Security 30% off!
6 years ago
- Blog post: Episode 11
In this episode, Jay & Bob talk Squirrels, Pigs & Maps with Preeminent Data Scientist Jason Trost from ThreatStream, and take a look at what's made the headlines in the data science community since last show.
Watch the UNEDITED BLOOPER REEL! Jason Trost covert.io blog ThreatStream Clairvoyant Squirrel: Large Scale Malicious Domain Classification Binary Pig Binary Pig github repo Modern Honey Network Roll Your Own IP Attack Graphs with IPew Map or Don't Map DAVIX
6 years ago
- Blog post: Episode 10
In this episode, Jay & Bob have a community discussion with John Langton & Alex Baker about their security data analysis & visualization startup: VisiTrend, and take a look at what's made the headlines in the data science community since last show.
Resources / people featured in the show:
VisiTrend - visitrend (twitter) Data science can't be point and click In-depth introduction to machine learning in 15 hours of expert videos Data Playlists Running
6 years ago
- Blog post: Episode 9
In this episode, Jay & Bob have a late night conversation with Mike Sconzo from Click Security about what got him into security data science along with a great discussion about machine learning and round out the show with a data science internet roundup
Resources / people featured in the episode:
Mike Sconzo - @sooshie B-Sides Machine Learning Click Security Data Hacking Data science: how is it different to statistics? - IMS Bulletin The Importance Of 'Janito
6 years ago
- Blog post: Episode 8
In this episode, Jay & Bob invite “The Gang” - Russell Thomas, Michael Roytman & Alex Pinto - back on to see what they’ve been up to since January, including recent talks and research projects, plus give a sneak peek into SIRAcon 2014 where they’ll all be presenting!
Resources / people featured in the episode:
Michael Roytman - @mroytman The Power Law of Information Alex Pinto - @alexcpsec Measuring the IQ of your Threat Intelligence feeds Secure Because
7 years ago
- Blog post: Episode 7
In this episode, Jay & Bob enter the echo chamber with Andrew Hay and Thibault Reuille of OpenDNS to talk about their new security data analysis/visualization tool - OpenGraphiti - being announced at BlackHat. Listen in to learn about how graph analysis can take your security practice to a whole other dimension.
Resources / people featured in the episode:
BlackHat Talk + Speaker profile OpenDNS + @opendns Thibault Reuille Andrew Hay Skyler Hawthorne OpenGraph
7 years ago
- Blog post: Episode 6
In this episode, Jay & Bob have a late-night chat with Stephen Boyer, CTO of BitSight about discerning information about the security health of an organization solely through what can be publicly observed and the tools & infrastructure such an undertaking requires. You'll also hear Stephen's thoughts on reproducible security research, what he looks for in a data scientist and how to communicate results clearly & effectively.
Resources / people featured in
7 years ago
- Blog post: Episode 5
In this episode, Jay & Bob sit down with David Severski, Manager of the Information Security program at Seattle Children's Hospital to talk about the challenges & rewards of building a data-driven security program from the ground up. Along the way, they cover education, tools, engaging the community and what lies ahead for data-driven security.
Resources / people featured in the episode:
David Severski's Blog - http://blog.severski.net/
Building a Log Ana
7 years ago
- Blog post: Episode 4
In this episode Bob & Jay talk with Kymberlee Price @kym_possible about her work with vulnerability data at BlackBerry and her real-life superheroic philanthropic work.
Resources / people featured in the episode:
One Spark Foundation - https://www.facebook.com/onesparkcanstartafire [FB] Beading Divas (Greyhound and general animal welfare advocates) Help Aidan Love Fight Cancer Project Genesis (advocacy and support for victims of human trafficking, Seattle has
7 years ago
- Blog post: Episode 3
METRICON 9/RSA 2014 EDITION!
In this episode Bob & Jay debrief from their exploits in San Francisco, including an in-depth look at the happenings at METRICON 9 and showcasing some of the data-driven companies on the RSA show floor. They also discuss some recent blog posts and give a preview of upcoming podcast guests.
Resources / people featured in the episode:
METRICON 9 Agenda METRICON 9 - Storified Kymberlee Price Michael Roytman Paper by Roytman and
7 years ago
- Blog post: Episode 2!
In this episode of the Data Driven Security Podcast, Bob and Jay review the DDS coverage of Harvard's "Weathering the Data Storm" symposium including some specific focus on the IPython talk by Fernando Pérez, Cynthia Rudin's "Manhole Event" paper and the pretty consistent theme of "need to prove your models in little data before driving them to scale". Then, they execute a whirlwind review of recent blog posts, give a preview of an upcom
7 years ago
- Blog post: Episode 1
In this episode, Bob & Jay invite Alex Pinto (@alexcpsec), Michael Roytman (@mroytman) & Russ Thomas (@mrmeritology) on to the show to discuss what makes up "security data science". They delve into the tools of the trade, posit on future of the intersection of security and data science and relate their own personal & professional experiences trying to introduce "data science" into infosec. Bob & Jay also talk about recent blog posts and do
7 years ago
- Blog post: Episode 0
In this inaugural episode of the Data Driven Security Podcast, Bob and Jay introduce the podcast and themselves, showcase the new Data Driven Security blog and shill their upcoming book: Data Driven Security being published by Wiley Press in 2014.
Resources mentioned in the episode:
DDS blog DDS inaugural blog post Buy the book! Jay's personal blog Bob's personal blog Nathan Yau DDSec Home
7 years ago
Uncover hidden patterns of data and respond with countermeasures
Security professionals need all the tools at their disposal to increase their visibility in order to prevent security breaches and attacks. This careful guide explores two of the most powerful: data analysis and visualization. You'll soon understand how to harness and wield data, from collection and storage to management and analysis as well as visualization and presentation. Using a hands-on approach with real-world examples, this book shows you how to gather feedback, measure the effectiveness of your security methods, and make better decisions.
Everything in this book will have practical application for information security professionals.
- Helps IT and security professionals understand and use data, so they can thwart attacks and understand and visualize vulnerabilities in their networks
- Includes more than a dozen real-world examples and hands-on exercises that demonstrate how to analyze security data and intelligence and translate that information into visualizations that make plain how to prevent attacks
- Covers topics such as how to acquire and prepare security data, use simple statistical methods to detect malware, predict rogue behavior, correlate security events, and more
- Written by a team of well-known experts in the field of security and data analysis
Lock down your networks, prevent hacks, and thwart malware by improving visibility into the environment, all through the power of data and Security Using Data Analysis, Visualization, and Dashboards.