I've been remiss in my blogging duties. I've had some changes in my life recently, but I'd like to get back to posting on a regular basis and there's not real a good reason why I should be able to do that. Allow me to rectify my absentmindedness by talking about the book Data-Driven Security by Jay Jacobs and Bob Rudis.
This was a wonderful book to read as an information security professional. As information security matures (and the world in general) metrics and analytics are going to become a bigger part of the field. We see sabermetrics taking over baseball and other sports for the simple fact that it helps organizations gain a deeper understanding of what the have, which leads to making better decisions. Those same strategies can help many professional fields, including information security.
Each chapter of the book covers a different scenario in which data is analyzed to answer an infosec related question. It also discusses the art of visualization and how to make communicating numbers more useful to people (*cough*executives*cough*). The book exposes the reader to the wonderful world of Python and R studio, both of which are used to analyze and make sense of the data, without requiring too much previous knowledge. Each chapter walks the reader through exercises utilizing pre-built Python scrips in R Studio, just enough to wet the petite.
What I really enjoyed about the book was that it was easy to read. It wasn't bogged down with numbers or big words. Of course, I'm not exactly a newb to reading about statistical analysis. Still, I think people with some interest in data-driven security will find the book a fairly easy read. It's a great starting point for those wanting to explore a discipline in security that is likely to become more and more relevant as security and data matures.