�ݺ�ߣshows by User: MichaelRoytman

�ݺ�ߣshows by User: MichaelRoytman / http://www.slideshare.net/images/logo.gif �ݺ�ߣshows by User: MichaelRoytman / Fri, 06 Oct 2023 17:19:12 GMT �ݺ�ߣShare feed for �ݺ�ߣshows by User: MichaelRoytman CyberTechEurope.pptx /slideshow/cybertecheuropepptx/261846784 cybertecheurope-231006171912-fc57fef5
Michael Roytman's CyberTech EU presentation. This was presented in October 2023 and includes data about vulnerabilities from 660 Cisco Vulnerability Management Customers. For a deeper dive, see the prioritization to prediction reports: https://www.cyentia.com/prioritization-to-prediction-v9/. All of the data is generated from aggregated data from Cisco VM (Kenna) customers, or from telemetry data from Cisco, Alienvault, Reversings Labs, etc. ]]>
Michael Roytman's CyberTech EU presentation. This was presented in October 2023 and includes data about vulnerabilities from 660 Cisco Vulnerability Management Customers. For a deeper dive, see the prioritization to prediction reports: https://www.cyentia.com/prioritization-to-prediction-v9/. All of the data is generated from aggregated data from Cisco VM (Kenna) customers, or from telemetry data from Cisco, Alienvault, Reversings Labs, etc. ]]> Fri, 06 Oct 2023 17:19:12 GMT /slideshow/cybertecheuropepptx/261846784 MichaelRoytman@slideshare.net(MichaelRoytman) CyberTechEurope.pptx MichaelRoytman Michael Roytman's CyberTech EU presentation. This was presented in October 2023 and includes data about vulnerabilities from 660 Cisco Vulnerability Management Customers. For a deeper dive, see the prioritization to prediction reports: https://www.cyentia.com/prioritization-to-prediction-v9/. All of the data is generated from aggregated data from Cisco VM (Kenna) customers, or from telemetry data from Cisco, Alienvault, Reversings Labs, etc. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/cybertecheurope-231006171912-fc57fef5-thumbnail.jpg?width=120&height=120&fit=bounds" /> Michael Roytman's CyberTech EU presentation. This was presented in October 2023 and includes data about vulnerabilities from 660 Cisco Vulnerability Management Customers. For a deeper dive, see the prioritization to prediction reports: https://www.cyentia.com/prioritization-to-prediction-v9/. All of the data is generated from aggregated data from Cisco VM (Kenna) customers, or from telemetry data from Cisco, Alienvault, Reversings Labs, etc.

CyberTechEurope.pptx from Michael Roytman

]]> 117 0 https://cdn.slidesharecdn.com/ss_thumbnails/cybertecheurope-231006171912-fc57fef5-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 O'Reilly Security New York - Predicting Exploitability Final /slideshow/oreilly-security-new-york-predicting-exploitability-final/81442587 predictingexploitability-final-oreilly-171031235602
Security is all about reacting. It’s time to make some predictions. Michael Roytman explains how Kenna Security used the AWS Machine Learning platform to train a binary classifier for vulnerabilities, allowing the company to predict whether or not a vulnerability will become exploitable. Michael offers an overview of the process. Kenna enriches the data with more specific, nondefinitional-level data. 500 million live vulnerabilities and their associated close rates inform the epidemiological data, as well as “in the wild” threat data from AlienVault’s OTX and SecureWorks’s CTU, Reversing Labs, and ISC SANS. The company uses 70% of the national vulnerability database as its training dataset and generates over 20,000 predictions on the remainder of the vulnerabilities. It then measures specificity and sensitivity, positive predictive value, and false positive and false negative rates before arriving at an optimal decision cutoff for the problem.]]>
Security is all about reacting. It’s time to make some predictions. Michael Roytman explains how Kenna Security used the AWS Machine Learning platform to train a binary classifier for vulnerabilities, allowing the company to predict whether or not a vulnerability will become exploitable. Michael offers an overview of the process. Kenna enriches the data with more specific, nondefinitional-level data. 500 million live vulnerabilities and their associated close rates inform the epidemiological data, as well as “in the wild” threat data from AlienVault’s OTX and SecureWorks’s CTU, Reversing Labs, and ISC SANS. The company uses 70% of the national vulnerability database as its training dataset and generates over 20,000 predictions on the remainder of the vulnerabilities. It then measures specificity and sensitivity, positive predictive value, and false positive and false negative rates before arriving at an optimal decision cutoff for the problem.]]> Tue, 31 Oct 2017 23:56:02 GMT /slideshow/oreilly-security-new-york-predicting-exploitability-final/81442587 MichaelRoytman@slideshare.net(MichaelRoytman) O'Reilly Security New York - Predicting Exploitability Final MichaelRoytman Security is all about reacting. It’s time to make some predictions. Michael Roytman explains how Kenna Security used the AWS Machine Learning platform to train a binary classifier for vulnerabilities, allowing the company to predict whether or not a vulnerability will become exploitable. Michael offers an overview of the process. Kenna enriches the data with more specific, nondefinitional-level data. 500 million live vulnerabilities and their associated close rates inform the epidemiological data, as well as “in the wild” threat data from AlienVault’s OTX and SecureWorks’s CTU, Reversing Labs, and ISC SANS. The company uses 70% of the national vulnerability database as its training dataset and generates over 20,000 predictions on the remainder of the vulnerabilities. It then measures specificity and sensitivity, positive predictive value, and false positive and false negative rates before arriving at an optimal decision cutoff for the problem. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/predictingexploitability-final-oreilly-171031235602-thumbnail.jpg?width=120&height=120&fit=bounds" /> Security is all about reacting. It’s time to make some predictions. Michael Roytman explains how Kenna Security used the AWS Machine Learning platform to train a binary classifier for vulnerabilities, allowing the company to predict whether or not a vulnerability will become exploitable. Michael offers an overview of the process. Kenna enriches the data with more specific, nondefinitional-level data. 500 million live vulnerabilities and their associated close rates inform the epidemiological data, as well as “in the wild” threat data from AlienVault’s OTX and SecureWorks’s CTU, Reversing Labs, and ISC SANS. The company uses 70% of the national vulnerability database as its training dataset and generates over 20,000 predictions on the remainder of the vulnerabilities. It then measures specificity and sensitivity, positive predictive value, and false positive and false negative rates before arriving at an optimal decision cutoff for the problem.

O'Reilly Security New York - Predicting Exploitability Final from Michael Roytman

]]> 1356 5 https://cdn.slidesharecdn.com/ss_thumbnails/predictingexploitability-final-oreilly-171031235602-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 RSA 2017 - Predicting Exploitability - With Predictions /slideshow/rsa-2017-predicting-exploitability-with-predictions/72205886 predictingexploitability-170216001350
Data driven decision making can be retrospective, real-time, or predictive. We use Amazon Machine Learning to predict the probability that a vulnerability will become exploited, using only the data available when a vulnerability is released.]]>
Data driven decision making can be retrospective, real-time, or predictive. We use Amazon Machine Learning to predict the probability that a vulnerability will become exploited, using only the data available when a vulnerability is released.]]> Thu, 16 Feb 2017 00:13:50 GMT /slideshow/rsa-2017-predicting-exploitability-with-predictions/72205886 MichaelRoytman@slideshare.net(MichaelRoytman) RSA 2017 - Predicting Exploitability - With Predictions MichaelRoytman Data driven decision making can be retrospective, real-time, or predictive. We use Amazon Machine Learning to predict the probability that a vulnerability will become exploited, using only the data available when a vulnerability is released. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/predictingexploitability-170216001350-thumbnail.jpg?width=120&height=120&fit=bounds" /> Data driven decision making can be retrospective, real-time, or predictive. We use Amazon Machine Learning to predict the probability that a vulnerability will become exploited, using only the data available when a vulnerability is released.

RSA 2017 - Predicting Exploitability - With Predictions from Michael Roytman

]]> 485 2 https://cdn.slidesharecdn.com/ss_thumbnails/predictingexploitability-170216001350-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Predicting Exploitability /slideshow/predicting-exploitability/67197342 predictingexploitability-161014215248
Data driven decision making can be retrospective, real-time, or predictive. We use Amazon Machine Learning to predict the probability that a vulnerability will become exploited, using only the data available when a vulnerability is released. ]]>
Data driven decision making can be retrospective, real-time, or predictive. We use Amazon Machine Learning to predict the probability that a vulnerability will become exploited, using only the data available when a vulnerability is released. ]]> Fri, 14 Oct 2016 21:52:48 GMT /slideshow/predicting-exploitability/67197342 MichaelRoytman@slideshare.net(MichaelRoytman) Predicting Exploitability MichaelRoytman Data driven decision making can be retrospective, real-time, or predictive. We use Amazon Machine Learning to predict the probability that a vulnerability will become exploited, using only the data available when a vulnerability is released. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/predictingexploitability-161014215248-thumbnail.jpg?width=120&height=120&fit=bounds" /> Data driven decision making can be retrospective, real-time, or predictive. We use Amazon Machine Learning to predict the probability that a vulnerability will become exploited, using only the data available when a vulnerability is released.

Predicting Exploitability from Michael Roytman

]]> 1863 4 https://cdn.slidesharecdn.com/ss_thumbnails/predictingexploitability-161014215248-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Chicago Security Meetup 08/2016 /slideshow/chicago-security-meetup-082016/65179174 mrhuman-160820043807
Security Metrics are often about the performance of information security professionals - traditional ones are centered around vulnerability close rates, timelines, or criticality ratings. But how does one measure if those metrics are the rights ones? How does one measure risk reduction, or how successful your metrics program is at operationalizing that which is necessary to prevent a breach? The data we'll explore defined the 2016 Verizon DBIR Vulnerabilities section. This talk will borrow concepts from epidemiology, repeated game theory, classical and causal probability theory in order to demonstrate some inventive metrics for evaluating vulnerability management strategies. Not all vulnerabilities are at risk of being breached. Not all people are at risk for catching the flu. By analogy, we are trying to be effective at catching the "disease" of vulnerabilities which are susceptible to breaches, and not all are. How do we determine what is truly critical? How do we determine if we are effective at remediating what is truly critical? Because the incidence of disease is unknown, the absolute risk can not be calculated. This talk will introduce some concepts from other fields for dealing with infosec uncertainty. Attackers are human too - and currently available data allows us to make some predictions about how they'll behave. And to predict is to prevent.]]>
Security Metrics are often about the performance of information security professionals - traditional ones are centered around vulnerability close rates, timelines, or criticality ratings. But how does one measure if those metrics are the rights ones? How does one measure risk reduction, or how successful your metrics program is at operationalizing that which is necessary to prevent a breach? The data we'll explore defined the 2016 Verizon DBIR Vulnerabilities section. This talk will borrow concepts from epidemiology, repeated game theory, classical and causal probability theory in order to demonstrate some inventive metrics for evaluating vulnerability management strategies. Not all vulnerabilities are at risk of being breached. Not all people are at risk for catching the flu. By analogy, we are trying to be effective at catching the "disease" of vulnerabilities which are susceptible to breaches, and not all are. How do we determine what is truly critical? How do we determine if we are effective at remediating what is truly critical? Because the incidence of disease is unknown, the absolute risk can not be calculated. This talk will introduce some concepts from other fields for dealing with infosec uncertainty. Attackers are human too - and currently available data allows us to make some predictions about how they'll behave. And to predict is to prevent.]]> Sat, 20 Aug 2016 04:38:07 GMT /slideshow/chicago-security-meetup-082016/65179174 MichaelRoytman@slideshare.net(MichaelRoytman) Chicago Security Meetup 08/2016 MichaelRoytman Security Metrics are often about the performance of information security professionals - traditional ones are centered around vulnerability close rates, timelines, or criticality ratings. But how does one measure if those metrics are the rights ones? How does one measure risk reduction, or how successful your metrics program is at operationalizing that which is necessary to prevent a breach? The data we'll explore defined the 2016 Verizon DBIR Vulnerabilities section. This talk will borrow concepts from epidemiology, repeated game theory, classical and causal probability theory in order to demonstrate some inventive metrics for evaluating vulnerability management strategies. Not all vulnerabilities are at risk of being breached. Not all people are at risk for catching the flu. By analogy, we are trying to be effective at catching the "disease" of vulnerabilities which are susceptible to breaches, and not all are. How do we determine what is truly critical? How do we determine if we are effective at remediating what is truly critical? Because the incidence of disease is unknown, the absolute risk can not be calculated. This talk will introduce some concepts from other fields for dealing with infosec uncertainty. Attackers are human too - and currently available data allows us to make some predictions about how they'll behave. And to predict is to prevent. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/mrhuman-160820043807-thumbnail.jpg?width=120&height=120&fit=bounds" /> Security Metrics are often about the performance of information security professionals - traditional ones are centered around vulnerability close rates, timelines, or criticality ratings. But how does one measure if those metrics are the rights ones? How does one measure risk reduction, or how successful your metrics program is at operationalizing that which is necessary to prevent a breach? The data we'll explore defined the 2016 Verizon DBIR Vulnerabilities section. This talk will borrow concepts from epidemiology, repeated game theory, classical and causal probability theory in order to demonstrate some inventive metrics for evaluating vulnerability management strategies. Not all vulnerabilities are at risk of being breached. Not all people are at risk for catching the flu. By analogy, we are trying to be effective at catching the "disease" of vulnerabilities which are susceptible to breaches, and not all are. How do we determine what is truly critical? How do we determine if we are effective at remediating what is truly critical? Because the incidence of disease is unknown, the absolute risk can not be calculated. This talk will introduce some concepts from other fields for dealing with infosec uncertainty. Attackers are human too - and currently available data allows us to make some predictions about how they'll behave. And to predict is to prevent.

Chicago Security Meetup 08/2016 from Michael Roytman

]]> 297 2 https://cdn.slidesharecdn.com/ss_thumbnails/mrhuman-160820043807-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Data Metrics and Automation: A Strange Loop - SIRAcon 2015 /slideshow/data-metrics-and-automation-a-strange-loop-siracon-2015/54487914 siracon2015-151028165720-lva1-app6891
Data informs Metrics, and Metrics are the basis for Automation in all fields. In information security, we are a at critical new juncture - an influx of data allows us to automate whole new subsets of the field. Doing so systematically and methodically, with appropriate frameworks, is a bigger challenge. ]]>
Data informs Metrics, and Metrics are the basis for Automation in all fields. In information security, we are a at critical new juncture - an influx of data allows us to automate whole new subsets of the field. Doing so systematically and methodically, with appropriate frameworks, is a bigger challenge. ]]> Wed, 28 Oct 2015 16:57:20 GMT /slideshow/data-metrics-and-automation-a-strange-loop-siracon-2015/54487914 MichaelRoytman@slideshare.net(MichaelRoytman) Data Metrics and Automation: A Strange Loop - SIRAcon 2015 MichaelRoytman Data informs Metrics, and Metrics are the basis for Automation in all fields. In information security, we are a at critical new juncture - an influx of data allows us to automate whole new subsets of the field. Doing so systematically and methodically, with appropriate frameworks, is a bigger challenge. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/siracon2015-151028165720-lva1-app6891-thumbnail.jpg?width=120&height=120&fit=bounds" /> Data informs Metrics, and Metrics are the basis for Automation in all fields. In information security, we are a at critical new juncture - an influx of data allows us to automate whole new subsets of the field. Doing so systematically and methodically, with appropriate frameworks, is a bigger challenge.

Data Metrics and Automation: A Strange Loop - SIRAcon 2015 from Michael Roytman

]]> 1028 5 https://cdn.slidesharecdn.com/ss_thumbnails/siracon2015-151028165720-lva1-app6891-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Who Watches the Watchers Metrics for Security Strategy - BsidesLV 2015 - Roytman /MichaelRoytman/who-watches-the-watchers-metrics-for-security-strategy-bsideslv-2015-roytman bsideslv2015-150817192936-lva1-app6891
Security Metrics are often about the performance of information security professionals - tranditional ones are centered around vulnerability close rates, timelines, or criticality ratings. But how does one measure if those metrics are the rights ones? How does one measure risk reduction, or how sucecssful your metrics program is at operationalizing that which is necessary to prevent a breach? Associated Discussion - http://www.irongeek.com/i.php?page=videos/bsideslasvegas2015/gt06-who-watches-the-watchers-metrics-for-security-strategy-michael-roytman]]>
Security Metrics are often about the performance of information security professionals - tranditional ones are centered around vulnerability close rates, timelines, or criticality ratings. But how does one measure if those metrics are the rights ones? How does one measure risk reduction, or how sucecssful your metrics program is at operationalizing that which is necessary to prevent a breach? Associated Discussion - http://www.irongeek.com/i.php?page=videos/bsideslasvegas2015/gt06-who-watches-the-watchers-metrics-for-security-strategy-michael-roytman]]> Mon, 17 Aug 2015 19:29:35 GMT /MichaelRoytman/who-watches-the-watchers-metrics-for-security-strategy-bsideslv-2015-roytman MichaelRoytman@slideshare.net(MichaelRoytman) Who Watches the Watchers Metrics for Security Strategy - BsidesLV 2015 - Roytman MichaelRoytman Security Metrics are often about the performance of information security professionals - tranditional ones are centered around vulnerability close rates, timelines, or criticality ratings. But how does one measure if those metrics are the rights ones? How does one measure risk reduction, or how sucecssful your metrics program is at operationalizing that which is necessary to prevent a breach? Associated Discussion - http://www.irongeek.com/i.php?page=videos/bsideslasvegas2015/gt06-who-watches-the-watchers-metrics-for-security-strategy-michael-roytman <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/bsideslv2015-150817192936-lva1-app6891-thumbnail.jpg?width=120&height=120&fit=bounds" /> Security Metrics are often about the performance of information security professionals - tranditional ones are centered around vulnerability close rates, timelines, or criticality ratings. But how does one measure if those metrics are the rights ones? How does one measure risk reduction, or how sucecssful your metrics program is at operationalizing that which is necessary to prevent a breach? Associated Discussion - http://www.irongeek.com/i.php?page=videos/bsideslasvegas2015/gt06-who-watches-the-watchers-metrics-for-security-strategy-michael-roytman

Who Watches the Watchers Metrics for Security Strategy - BsidesLV 2015 - Roytman from Michael Roytman

]]> 763 9 https://cdn.slidesharecdn.com/ss_thumbnails/bsideslv2015-150817192936-lva1-app6891-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Attacker Behavior Boston Security Conference 2015 /slideshow/attacker-behavior-boston-security-conference-2015/47041674 attackerbehaviorboston-150415141207-conversion-gate01
Game theory applied to information security. Data from 2014 shows that attackers go after the low hanging fruit when it comes to choosing which vulnerabilities to exploit.]]>
Game theory applied to information security. Data from 2014 shows that attackers go after the low hanging fruit when it comes to choosing which vulnerabilities to exploit.]]> Wed, 15 Apr 2015 14:12:07 GMT /slideshow/attacker-behavior-boston-security-conference-2015/47041674 MichaelRoytman@slideshare.net(MichaelRoytman) Attacker Behavior Boston Security Conference 2015 MichaelRoytman Game theory applied to information security. Data from 2014 shows that attackers go after the low hanging fruit when it comes to choosing which vulnerabilities to exploit. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/attackerbehaviorboston-150415141207-conversion-gate01-thumbnail.jpg?width=120&height=120&fit=bounds" /> Game theory applied to information security. Data from 2014 shows that attackers go after the low hanging fruit when it comes to choosing which vulnerabilities to exploit.

Attacker Behavior Boston Security Conference 2015 from Michael Roytman

]]> 682 5 https://cdn.slidesharecdn.com/ss_thumbnails/attackerbehaviorboston-150415141207-conversion-gate01-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Data Science ATL Meetup - Risk I/O Security Data Science /slideshow/data-science-atl-meetup-risk-io-security-data-science/38106653 gtridatascience-140818152551-phpapp01
This is a talk about data science operations and the applications of Risk I/Os insights to the security industry - how we went about mining insights from our large dataset]]>
This is a talk about data science operations and the applications of Risk I/Os insights to the security industry - how we went about mining insights from our large dataset]]> Mon, 18 Aug 2014 15:25:51 GMT /slideshow/data-science-atl-meetup-risk-io-security-data-science/38106653 MichaelRoytman@slideshare.net(MichaelRoytman) Data Science ATL Meetup - Risk I/O Security Data Science MichaelRoytman This is a talk about data science operations and the applications of Risk I/Os insights to the security industry - how we went about mining insights from our large dataset <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/gtridatascience-140818152551-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds" /> This is a talk about data science operations and the applications of Risk I/Os insights to the security industry - how we went about mining insights from our large dataset

Data Science ATL Meetup - Risk I/O Security Data Science from Michael Roytman

]]> 1280 3 https://cdn.slidesharecdn.com/ss_thumbnails/gtridatascience-140818152551-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Fix What Matters: BSidesDetroit 2014 /slideshow/fix-what-matters-bsidesdetroit-2014/37015481 bsidesdetroit2014-140715155116-phpapp02
Heartbleed has exposed a weakness in the way we assess risk in information security. We use archaic methods and ignore new data when assessing what to fix, and we rarely go back to see what new data is telling us. In this talk, we explore new, data-driven approaches to vulnerability management.]]>
Heartbleed has exposed a weakness in the way we assess risk in information security. We use archaic methods and ignore new data when assessing what to fix, and we rarely go back to see what new data is telling us. In this talk, we explore new, data-driven approaches to vulnerability management.]]> Tue, 15 Jul 2014 15:51:16 GMT /slideshow/fix-what-matters-bsidesdetroit-2014/37015481 MichaelRoytman@slideshare.net(MichaelRoytman) Fix What Matters: BSidesDetroit 2014 MichaelRoytman Heartbleed has exposed a weakness in the way we assess risk in information security. We use archaic methods and ignore new data when assessing what to fix, and we rarely go back to see what new data is telling us. In this talk, we explore new, data-driven approaches to vulnerability management. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/bsidesdetroit2014-140715155116-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds" /> Heartbleed has exposed a weakness in the way we assess risk in information security. We use archaic methods and ignore new data when assessing what to fix, and we rarely go back to see what new data is telling us. In this talk, we explore new, data-driven approaches to vulnerability management.

Fix What Matters: BSidesDetroit 2014 from Michael Roytman

]]> 601 2 https://cdn.slidesharecdn.com/ss_thumbnails/bsidesdetroit2014-140715155116-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Risk IO Webisode 1: The Breach Landscape /slideshow/risk-io-webisode-1-the-breach-landscape/35224588 breachlandscape-140528121311-phpapp01
This is a week over week assessment of how information security breaches occur and which attack paths are most utilized this week. (June 2014). The approach is a data driven visualization method for determining which attack paths put an organization most at risk.]]>
This is a week over week assessment of how information security breaches occur and which attack paths are most utilized this week. (June 2014). The approach is a data driven visualization method for determining which attack paths put an organization most at risk.]]> Wed, 28 May 2014 12:13:11 GMT /slideshow/risk-io-webisode-1-the-breach-landscape/35224588 MichaelRoytman@slideshare.net(MichaelRoytman) Risk IO Webisode 1: The Breach Landscape MichaelRoytman This is a week over week assessment of how information security breaches occur and which attack paths are most utilized this week. (June 2014). The approach is a data driven visualization method for determining which attack paths put an organization most at risk. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/breachlandscape-140528121311-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds" /> This is a week over week assessment of how information security breaches occur and which attack paths are most utilized this week. (June 2014). The approach is a data driven visualization method for determining which attack paths put an organization most at risk.

Risk IO Webisode 1: The Breach Landscape from Michael Roytman

]]> 371 4 https://cdn.slidesharecdn.com/ss_thumbnails/breachlandscape-140528121311-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 A Heartbleed By Any Other Name - Data Driven Vulnerability Management /MichaelRoytman/a-heartbleed-by-any-other-name-vulnerability-management-oversights heartbleedbyanyothername-140509113137-phpapp02
The heartbleed vulnerability exposes a weakness in current vulnerability management practices - namely, they aren't driven by the data. Starting with the data, we identify 4 vulnerabilities which are arugably more important than Heartbleed. ]]>
The heartbleed vulnerability exposes a weakness in current vulnerability management practices - namely, they aren't driven by the data. Starting with the data, we identify 4 vulnerabilities which are arugably more important than Heartbleed. ]]> Fri, 09 May 2014 11:31:37 GMT /MichaelRoytman/a-heartbleed-by-any-other-name-vulnerability-management-oversights MichaelRoytman@slideshare.net(MichaelRoytman) A Heartbleed By Any Other Name - Data Driven Vulnerability Management MichaelRoytman The heartbleed vulnerability exposes a weakness in current vulnerability management practices - namely, they aren't driven by the data. Starting with the data, we identify 4 vulnerabilities which are arugably more important than Heartbleed. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/heartbleedbyanyothername-140509113137-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds" /> The heartbleed vulnerability exposes a weakness in current vulnerability management practices - namely, they aren't driven by the data. Starting with the data, we identify 4 vulnerabilities which are arugably more important than Heartbleed.

A Heartbleed By Any Other Name - Data Driven Vulnerability Management from Michael Roytman

]]> 1745 3 https://cdn.slidesharecdn.com/ss_thumbnails/heartbleedbyanyothername-140509113137-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Measure What You FIx: Asset Risk Management Done Right /slideshow/measure-what-you-fix-asset-risk-management-done-right/34105760 assetriskmanagement-140429205728-phpapp01
]]>
]]> Tue, 29 Apr 2014 20:57:27 GMT /slideshow/measure-what-you-fix-asset-risk-management-done-right/34105760 MichaelRoytman@slideshare.net(MichaelRoytman) Measure What You FIx: Asset Risk Management Done Right MichaelRoytman <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/assetriskmanagement-140429205728-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds" />

Measure What You FIx: Asset Risk Management Done Right from Michael Roytman

]]> 852 2 https://cdn.slidesharecdn.com/ss_thumbnails/assetriskmanagement-140429205728-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Less is More: Behind the Data at Risk I/O /slideshow/less-is-more-behind-the-data-at-risk-io/31822373 lessismorebehindthedataatriskio-140302140453-phpapp01
Using big data and implementing hadoop is a trend that people jump all to quickly to. Instead understanding the run time complexity of one's algorithms, reducing said complexity and managing the process from start to finish in a lean and agile way can yield massive cost savings - or save your organization. ]]>
Using big data and implementing hadoop is a trend that people jump all to quickly to. Instead understanding the run time complexity of one's algorithms, reducing said complexity and managing the process from start to finish in a lean and agile way can yield massive cost savings - or save your organization. ]]> Sun, 02 Mar 2014 14:04:53 GMT /slideshow/less-is-more-behind-the-data-at-risk-io/31822373 MichaelRoytman@slideshare.net(MichaelRoytman) Less is More: Behind the Data at Risk I/O MichaelRoytman Using big data and implementing hadoop is a trend that people jump all to quickly to. Instead understanding the run time complexity of one's algorithms, reducing said complexity and managing the process from start to finish in a lean and agile way can yield massive cost savings - or save your organization. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/lessismorebehindthedataatriskio-140302140453-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds" /> Using big data and implementing hadoop is a trend that people jump all to quickly to. Instead understanding the run time complexity of one's algorithms, reducing said complexity and managing the process from start to finish in a lean and agile way can yield massive cost savings - or save your organization.

Less is More: Behind the Data at Risk I/O from Michael Roytman

]]> 1637 3 https://cdn.slidesharecdn.com/ss_thumbnails/lessismorebehindthedataatriskio-140302140453-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 BsidesSF 2014 Fix What Matters /slideshow/bsidessf-2014-fix-what-matters/31736211 bsidessf2014-140227155717-phpapp01
Why using CVSS for vulnerability management is nuts. How to fix the vulnerabilities that truly matter, and how to create and measure an effective security practice.]]>
Why using CVSS for vulnerability management is nuts. How to fix the vulnerabilities that truly matter, and how to create and measure an effective security practice.]]> Thu, 27 Feb 2014 15:57:17 GMT /slideshow/bsidessf-2014-fix-what-matters/31736211 MichaelRoytman@slideshare.net(MichaelRoytman) BsidesSF 2014 Fix What Matters MichaelRoytman Why using CVSS for vulnerability management is nuts. How to fix the vulnerabilities that truly matter, and how to create and measure an effective security practice. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/bsidessf2014-140227155717-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds" /> Why using CVSS for vulnerability management is nuts. How to fix the vulnerabilities that truly matter, and how to create and measure an effective security practice.

BsidesSF 2014 Fix What Matters from Michael Roytman

]]> 8460 5 https://cdn.slidesharecdn.com/ss_thumbnails/bsidessf2014-140227155717-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Fix What Matters: A Data Driven Approach to Vulnerability Management /slideshow/fix-whatmatters/27576842 fixwhatmatters-131025135109-phpapp02
Data driven approach to vulnerability management in information security using live breach and vulnerability data.]]>
Data driven approach to vulnerability management in information security using live breach and vulnerability data.]]> Fri, 25 Oct 2013 13:51:09 GMT /slideshow/fix-whatmatters/27576842 MichaelRoytman@slideshare.net(MichaelRoytman) Fix What Matters: A Data Driven Approach to Vulnerability Management MichaelRoytman Data driven approach to vulnerability management in information security using live breach and vulnerability data. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/fixwhatmatters-131025135109-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds" /> Data driven approach to vulnerability management in information security using live breach and vulnerability data.

Fix What Matters: A Data Driven Approach to Vulnerability Management from Michael Roytman

]]> 749 4 https://cdn.slidesharecdn.com/ss_thumbnails/fixwhatmatters-131025135109-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 https://cdn.slidesharecdn.com/profile-photo-MichaelRoytman-48x48.jpg?cb=1696612711 Here is what Linkedin's NLP thinks of me: Experienced Advisor with a demonstrated history of working in the computer software industry. Skilled in Plumbing, Security Metrics, Herding Cats, and Ruby. Strong entrepreneurship professional with a Master of Science in Operations Research from Georgia Institute of Technology. Let me know if you have outdoor cats or leaky pipes. blog.risk.io https://cdn.slidesharecdn.com/ss_thumbnails/cybertecheurope-231006171912-fc57fef5-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/cybertecheuropepptx/261846784 CyberTechEurope.pptx https://cdn.slidesharecdn.com/ss_thumbnails/predictingexploitability-final-oreilly-171031235602-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/oreilly-security-new-york-predicting-exploitability-final/81442587 O'Reilly Security New ... https://cdn.slidesharecdn.com/ss_thumbnails/predictingexploitability-170216001350-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/rsa-2017-predicting-exploitability-with-predictions/72205886 RSA 2017 - Predicting ...