Explore methods for quantifying and measuring cybersecurity capabilities in this 44-minute keynote address from APPSEC Cali 2018. Discover how to assess security improvements as businesses scale, covering increased staff, systems, software, cloud platforms, third parties, and market expansion. Learn data-driven approaches to evaluate security effectiveness, including Bayesian methods, vulnerability escape rates, and survival analysis. Gain insights from Richard Seiersen, SVP/CISO of Lending Club, on developing quantitatively informed strategies, building scalable agile teams, and making digital risk measurable. Understand how to apply these concepts to large enterprise risk assessment and security assurance, even when data is limited.
Overview
Syllabus
Intro
Measurement Experts
The Object of Measurement
Natural Sciences Examples
Object of Measurement
Breach
Bayesian Methods
Data Science
Vulnerability Escape Rates
What if you have no data
Large enterprise risk
How do we get probabilities
Be a Bookie
Survival Analysis
Can This Be Applied Assurance
Taught by
OWASP Foundation
