Something went wrong. Please try your request again later.
Follow to get new release updates and improved recommendations
About Bob Rudis
Customers Also Bought Items By
Are you an author?
Help us improve our Author Pages by updating your bibliography and submitting a new or current image and biography.
Author Updates
-
-
Blog postI’ve been (mostly) keeping up with annual updates for my R/{sf} U.S. foliage post which you can find on GH. This year, we have Quarto, and it comes with so many batteries included that you’d think it was Christmas. One of those batteries is full support for the Observable runtime. These are used in {ojs} Quarto blocks, and rendered versions can run anywhere.
The Observable platform is great for both tinkering and publishing (we’re using it at work for some quick or experimental vis wo -
Blog postMy previous post announced a Rust-based command line tool for generating Quarto projects from Observable Notebooks.
Some folks may not want to use yet-another command line tool, and it dawned on me that it’d be more convenient to just do the conversion in-browser when one is already on a Notebook page. So, I dusted off some very creaky Chrome extension skills and put together an extension for doing just that.
It’s pretty straightforward:
navigate to a Notebook you want to -
Blog postThe previous post had some hacky R code to grab seekrit JSON data in ObservableHQ (OHQ) Notebooks and spit out a directory with a Quarto qmd and any associated FileAttachments. Holding firm to my “no more generic public R packages” decree, that’s as far as the R code for that utility is going to get.
Quarto, by design, is not married to the R ecosystem. This should help it get more traction in and outside of the broader data science crowd than R Markdown was able to attain. One big el -
Blog postEpisode 30
In this episode, Jay and Bob talk about the 2016 Verizon Data Breach Investigations Report (DBIR). But rather than talk about the insights and data analysis they focus in on the data visualizations. They are joined by Lane Harrison from Worcester Polytechnic Institute (WPI) and Ana Antanasoff and Gabrial Bassett from Verizon's Security Research Team.
Verizon DBIR -
Blog postEpisode 29
In this episode, Jay and Bob talk about power laws and their application in cyber security. First, they talk with Marshall Kuypers, a PhD candidate in Management Science and Engineering at Stanford University and discuss power laws in general. Second, they sit down with Michael Roytman, Data Scientist and Kenna Security to talk about power laws in cyber security.
Power Laws Probability Distributions -
Blog postEpisode 28
In this episode, Jay sat down with Doug Hubbard and Richard Seiersen to talk about their upcoming book "How to Measure Anything in Cybersecurity Risk". Bob talks about the rOpenSci unconference and the two talk about 2 recent publications.
rOpenSci rNOAA When-ish is my Bus (pdf) Dell Secureworks Underground Hacker Marketplace Report How to Measure Anything in Cybersecurity Risk -
Blog postStraight from the Book of PEP
thou shalt have no other languages before me thou shalt not compare me to R thou shalt not take the name of python or scikit-learn in vain keep holy the juypter notebook honour thy pip and thy modules thou shalt not ^C any running program, but shall exit cleanly thou shalt not “experiment” with R thou shalt utilize the whole CPU for thine is a single thread thou shalt not defame lesser languages (e.g. all of t -
Blog postEpisode 27
In this post-RSA conference episode, Jay participated with StoryCorps along with Wade Baker and the two reflected on their time working together on the Verizon Data Breach Investigations Report.
Find out more about StoryCorps at https://storycorps.org/ -
Blog postEpisode 26
In this episode, Bob sits down with co-workers on the data science team at Rapid 7. They explore the future of security data science, Heisenberg and Project Sonar.
Keep on top of Heisenberg developments at http://community.rapid7.com/ Find out more about Project Sonar at http://sonar.labs.rapid7.com/ and http://scans.io/ Get tools to work with both at http://github.com/rapid7 -
Blog postEpisode 25
In this episode, Bob & Jay talk amongst themselves. First they cover some recent work from Jay looking at Peer-to-Peer traffic and then they transition into conferences in 2016 with some element of being Data-Driven.
FloCon 2016 (you just missed it!)
January 9–12, 2017 in San Diego, CA
http://www.cert.org/flocon/ ShmooCon 2016
http://shmoocon.org/
January 15-17, 2016 in Washington, D.C. 2016 Cyber Risk Insights Conference
http://w -
Blog postWhile I may not be able to attend the 2016 RSA Conference, I can provide some recommendations for those seeking a more data-driven schedule between parties and recovery breakfasts.
There is a high likelihood that Advancing Information Risk Practices Seminar will have sage & practical advice on how to use data to best manage risk in your organization. The always amazing Anton Chuvakin’s session on Demystifying Security Analytics: Data, Methods, Use Cases will be a great prime -
Blog postEpisode 24
In this episode, Bob & Jay talk to Charles Givre who has been doing training sessions for professionals trying to learn data science and recently did a training at a recent BlackHat event.
Data-Driven Security: The Blog Data-Driven Security: The Book -
Blog postWe’re starting off the new year with two new ways to listen to the Data-Driven Security Podcast!
First, we have our own Overcast station fully loaded with the previous two seasons of shows. You can listen to them online right on Overcast.fm or use their minimalist but highly functional app for iOS.
You can also find and add the podcast on TuneIn! It was crazy-cool to be able to tell the Amazon Echo: “Alexa, tune in to the Data-Driven Security podcast” and have it actually work -
Blog postEpisode 23
In this episode, Bob & Jay talk tools (other than R and Python) for working with data: Excel, Tableau and AWS cloud services.
Quick Look plugins Tableau 023.m4aom/new/feed/">AWS Main RSS Feed EC2 Official Feed Quick Look plugins Data-Driven Security: The Blog Data-Driven Security: The Book -
Blog postThere is a lot of misperception around sample sizes and the confusion happens on both sides of the research. A common question when researchers are starting out is, “How big should my sample size be?.” To help with that, there are handy calculators all over the Internet. But the more troubling part of misunderstanding sample size happens when people consume research and attempt to dismiss it claiming the sample size is too small. To make matters worse, we are in the age of big data where mill
-
Blog postEpisode 22
In this episode, Bob & Jay dissect the looming corpse of security data science with special guest Allison Miller.
Data mining firewall logs : Principal Component Analysis Machine Learning Is Cybersecurity's Latest Pipe Dream Data-Driven Security: The Blog Data-Driven Security: The Book -
Blog postEpisode 21
In this episode, Bob & Jay talk data-driven security conferences with Lane Harrison, an assistant professor in Computer Science at Worcester Polytechnic Institute.
SIRACon VizSec -
Blog postEpisode 20
In this episode, Bob & Jay talk security research with Ben Edwards, a security researcher with the University of New Mexico.
Ben's List of Research Papers The Complex Science of Cyber Defense Hype and Heavy Tails: A Closer Look at Data Breaches (pdf) -
Blog postWe have some strange data in cybersecurity. One of the (IMO) stranger data files is a Domain Name System (DNS) zone file. This file contains mappings between domain names and IP addresses (and other things) represented by “resource records”.
Here’s an example for the dummy/example domain example.com:
$ORIGIN example.com. ; designates the start of this zone file in the namespace $TTL 1h ; default expiration time of all resource records without their own TTL value example.com. -
Blog postEpisode 19
In this episode, Bob & Jay talk #rstats with Oliver Keyes from the Wikimedia Foundation.
Wikimedia foundation - https://wikimediafoundation.org/wiki/Home Oliver on Twitter - https://twitter.com/quominus Oliver on GitHub - https://github.com/ironholds R Talk Podcast - http://rtalk.org/ *Not* Oliver's #rstats podcast: http://www.r-podcast.org/ EARL 2015 Boston - http://www.earl-conference.com/boston/ rOpenSec - https://github.com/rOpenSec -
Blog postThis was (initially) going to be a blog post announcing the new mhn R package (more on what that is in a bit) but somewhere along the way we ended up taking a left turn at Albuquerque (as we often do here at ddsec hq) and had an adventure in a twisty maze of Modern Honey Network passages that we thought we’d relate to everyone.
Episode 0 : The Quest! We find our intrepid heroes data scientists finally getting around to playing with the Modern Honey Network (MHN) software tha -
Blog postWe just did a github release for an R package that provides an interface to the DomainTools API. It provides access to the core API functions that aren’t restricted (i.e. the ones we have access to):
domaintools_api_key: Get or set DOMAINTOOLS_API_KEY value domaintools_username: Get or set DOMAINTOOLS_API_USERNAME value domain_profile: Domain Profile hosting_history: Hosting History parsed_whois: Parsed Whois reverse_ip: Reverse IP reverse_ns: Reverse Nameser -
Blog postFor those not involved with all things “cyber”, let me start with a description of what Shodan is (though visiting the site is probably the best introduction to what secrets it holds).
Shodan is—at it’s core—a search engine. Unlike Google, Shodan indexes what I’ll call “cyber” metadata and content about everything accessible via a public IP address. This means things like
routers, switches and cable/DSL/FiOS modems (which are the underpinnings of our innternet acces -
Blog postUPDATE: RBerkeley is now on CRAN
If you made it to Chapter 8 of Data-Driven Security after ~October 2014 and tried to run the BerkeleyDB R example, you were greeted with:
Warning in install.packages : package ‘RBerkely’ is not available (for R version [YOUR_R_VERSION]) That’s due to the fact that it was removed from CRAN at the end of September, 2014 because the package author & maintainer did not respond to requests from the CRAN team to update the package to c -
Blog postThe R world has come a long way since Jay & I wrote Data-Driven Security. We had to make a conscious decision to stick with R 2.14.0 (R is at version 3.2.1 now) and packages such as knitr and dplyr either didn’t exist or were in their infancy.
In Chapter 4, we showed some very basic exploratory data analysis and visualization. One of those examples showed how to do a basic network visualization of the ZeuS botnet nodes, clustered by country of origin.
We turned s -
Blog postEpisode 18
In this episode, Bob & Jay have a heated discussion about visualization and security with Brandon Dixon of PassiveTotal
Brandon's primary research involves data analysis, tool development and devising strategies to counter threats earlier in their decision cycle. Brandon maintains a blog at http://blog.9bplus.com where he reports on targeted attacks, open source threat data and analysis tools. His research on various security topics has gained accolades from man -
Blog postEpisode 17
In this episode, Bob & Jay continue to get schooled on their 2015 DBIR data visualizations by Lane Harrison
VizSec 2015 - http://vizsec.org/ 2015 DBIR - http://verizonenterprise.com/DBIR/2015/ Searchable VizSec archive - http://vizsec.dbvis.de/ Figure 19 Interactive - http://vz-risk.github.io/dbir/2015/19/ -
Blog postEpisode 16
In this episode, Bob & Jay get schooled on their 2015 DBIR data visualizations by Lane Harrison
VizSec 2015 - http://vizsec.org/ 2015 DBIR - http://verizonenterprise.com/DBIR/2015/ Searchable VizSec archive - http://vizsec.dbvis.de/ Figure 19 Interactive - http://vz-risk.github.io/dbir/2015/19/ -
Blog postEpisode 15
In this episode, Bob & Jay provide your data-driven guide to BSides SF & RSA 2015
https://bsidessf2015.sched.org/event/2111124302d7368414eaff6e4e4ddf50 https://bsidessf2015.sched.org/event/d67eb601f2047dbec37f7de91c5e18a9 https://www.rsaconference.com/events/us15/agenda/sessions/1736/vulnerability-management-nirvana-a-study-in https://www.rsaconference.com/events/us15/agenda/sessions/1672/security-data-science-from-theory-to-reality https://www.rsaconference.com -
Blog postEpisode 14 In this episode, Jay & Bob get a data-driven conference review from Mike Sconzo & Jason Trost
Jason Trost Mike Sconzo Flocon 2015 Proceedings ShmooCon 2015 MC2 Workshop on Data-Driven Approaches to Security and Privacy
This podcast is a companion to Data-Driven Security (the book) & Data-Driven Security (the blog). You can find us on Twitter at @ddsecblog / @ddsecpodcast & directly at @hrbrmstr / @jayjacobs.
-
Blog postEpisode 13
In this episode, Jay & Bob deconstruct VizSec 13 with Lane Harrison & Sophie Engle
Sophie Engle Lane Harrison @VizSec Website: VizSec.org VizSec papers site (from @f2cx) VizSec 2014 Videos -
Blog postEpisode 12
In this episode, Jay & Bob put the “Myths of Security Data Science” to the test with three denizens of the SDS Rogues Gallery (Alex Pinto, Michael Roytman & David Severski) + answer listener questions and give a shout out to Seaborn
Watch the UNEDITED BLOOPER REEL!
Alex Pinto @mlsecproject
Michael Roytman @riskio
David Severski David's Blog
Seaborn Data-Driven Security 30% off! -
Blog postEpisode 11
In this episode, Jay & Bob talk Squirrels, Pigs & Maps with Preeminent Data Scientist Jason Trost from ThreatStream, and take a look at what's made the headlines in the data science community since last show.
Watch the UNEDITED BLOOPER REEL! Jason Trost covert.io blog ThreatStream Clairvoyant Squirrel: Large Scale Malicious Domain Classification Binary Pig Binary Pig github repo Modern Honey Network Roll Your Own IP Attack Graphs with IPew Map or Don't Map DAVIX -
Blog postEpisode 10
In this episode, Jay & Bob have a community discussion with John Langton & Alex Baker about their security data analysis & visualization startup: VisiTrend, and take a look at what's made the headlines in the data science community since last show.
Resources / people featured in the show:
VisiTrend - visitrend (twitter) Data science can't be point and click In-depth introduction to machine learning in 15 hours of expert videos Data Playlists Running -
Blog postEpisode 9
In this episode, Jay & Bob have a late night conversation with Mike Sconzo from Click Security about what got him into security data science along with a great discussion about machine learning and round out the show with a data science internet roundup
Resources / people featured in the episode:
Mike Sconzo - @sooshie B-Sides Machine Learning Click Security Data Hacking Data science: how is it different to statistics? - IMS Bulletin The Importance Of 'Janito -
Blog postEpisode 8
In this episode, Jay & Bob invite “The Gang” - Russell Thomas, Michael Roytman & Alex Pinto - back on to see what they’ve been up to since January, including recent talks and research projects, plus give a sneak peak into SIRAcon 2014 where they’ll all be presenting!
Resources / people featured in the episode:
Michael Roytman - @mroytman The Power Law of Information Alex Pinto - @alexcpsec Measuring the IQ of your Threat Intelligence feeds Secure Because -
Blog postEpisode 7
In this episode, Jay & Bob enter the echo chamber with Andrew Hay and Thibault Reuille of OpenDNS to talk about their new security data analysis/visualization tool - OpenGraphiti - being announced at BlackHat. Listen in to learn about how graph analysis can take your security practice to a whole other dimension.
Resources / people featured in the episode:
BlackHat Talk + Speaker profile OpenDNS + @opendns Thibault Reuille Andrew Hay Skyler Hawthorne OpenGraph -
Blog postEpisode 6
In this episode, Jay & Bob have a late-night chat with Stephen Boyer, CTO of BitSight about discerning information about the security health of an organization solely through what can be publicly observed and the tools & infrastructure such an undertaking requires. You'll also hear Stephen's thoughts on reproducible security research, what he looks for in a data scientist and how to communicate results clearly & effectively.
Resources / people featured in -
Blog postEpisode 5
In this episode, Jay & Bob sit down with David Severski, Manager of the Information Security program at Seattle Children's Hospital to talk about the challenges & rewards of building a data-driven security program from the ground up. Along the way, they cover education, tools, engaging the community and what lies ahead for data-driven security.
Resources / people featured in the episode:
David Severski's Blog - http://blog.severski.net/ Building a Log Ana -
Blog postEpisode 4
In this episode Bob & Jay talk with Kymberlee Price @kym_possible about her work with vulnerability data at BlackBerry and her real-life superheroic philanthropic work.
Resources / people featured in the episode:
One Spark Foundation - https://www.facebook.com/onesparkcanstartafire [FB] Beading Divas (Greyhound and general animal welfare advocates) Help Aidan Love Fight Cancer Project Genesis (advocacy and support for victims of human trafficking, Seattle has -
Blog postEpisode 3
METRICON 9/RSA 2014 EDITION!
In this episode Bob & Jay debrief from their exploits in San Francisco, including an in-depth look at the happenings at METRICON 9 and showcasing some the data-driven companies on the RSA show floor. They also discuss some recent blog posts and give a preview of upcoming podcast guests.
Resources / people featured in the episode:
METRICON 9 Agenda METRICON 9 - Storified Kymberlee Price Michael Roytman Paper by Roytman and -
Blog postEpisode 2!
In this episode of the Data Driven Security Podcast, Bob and Jay review the DDS coverage of Harvard's "Weathering the Data Storm" symposium including some specific focus on the IPython talk by Fernando Pérez, Cynthia Rudin's "Manhole Event" paper and the pretty consistent theme of "need to prove your models in little data before driving them to scale". Then, they execute a whirlwind review of recent blog posts, give a preview of an upcom -
Blog postEpisode 1
In this episode, Bob & Jay invite Alex Pinto (@alexcpsec), Michael Roytman (@mroytman) & Russ Thomas (@mrmeritology) on to the show to discuss what makes up "security data science". They delve into the tools of the trade, posit on future of the intersection of security and data science and relate their own personal & professional experiences trying to introduce "data science" into infosec. Bob & Jay also talk about recent blog posts and do -
Blog postEpisode 0
In this inaugural episode of the Data Driven Security Podcast, Bob and Jay introduce the podcast and themselves, showcase the new Data Driven Security blog and shill their upcoming book: Data Driven Security being published by Wiley Press in 2014.
Resources mentioned in the episode:
DDS blog DDS inaugural blog post Buy the book! Jay's personal blog Bob's personal blog Nathan Yau DDSec Home
Titles By Bob Rudis
