Security data science is an emerging space and it was clear from our RSA Conference Peer2Peer session, Building Security Data Science Capability, that many companies are still just starting to explore how they can build their security data science capability. The group was hesitant at first to contribute, but we were fortunate to have a few key participants who were willing to share their successes so far with applying data science techniques.
We focused on the methodology of applying statistical rigor based on the scientific method. In our one-hour discussion, we covered topics including problem definition, data types, analysis methods, presentation techniques, finding the right talent, and working with vendors in the space. It was a great experience, and I was encouraged by how many people were interested in the topic.
There were two major themes of the discussion that stood out. First, applying data science to security is still very new. Many are interested and want to learn more, but there are few successful programs out there that are willing to serve as examples. We need more companies and individuals to share their successes and failures with the community. Security isn’t a zero-sum game between the defenders.
Second, there is a clear skills gap between security subject-matter expertise and the mathematical and analysis skills required to succeed. The skillset of understanding and interpreting statistical models is quickly becoming a key requirement for security analysts. Security organizations need to start building this talent now.
The other major gap area is in building and refining these models targeted at security use cases. This is a lesser priority from a talent standpoint, since vendor platforms or external consultants can create these models. In the future, the in-house capability to build and refine models will become a more pressing need.
Outside of our Peer2Peer session, I was able to visit many vendors and discuss the state of data science in security with several of the P2P participants. The hype around User Behavioral Analytics (UBA) is massive and nearly every security product from endpoint to network to identity has its own UBA module.
This reinforced our discussion during the session that we need better examples of successes and failures with data science within the security community. We need leaders to talk about their journeys in applying more mathematical rigor and how others can learn from these experiences. I’m looking forward to next year and hearing about the progress everyone is making!
Clay Carter has experience presenting in front of large technical and academic audiences (100+ members) on topics such as technology trends and career pathing in information security. He is a master’s candidate in systems engineering and is actively researching these topics as well as applying them on a daily basis in his role as a Security Architect at GE. Prior to GE, Carter was a Security Architect at Genworth Financial and has wide exposure to vendor solutions and platforms promoted in this space.