Howdy, y’all! Our guest today is Wade Baker, cybersecurity researcher, entrepreneur, professor… Wade is a Board of Directors member of the FAIR Institute, was an Advisory Board Member at the RSA Conference, was VP of Strategy & Risk Analytics at ThreatConnect, and is now Co-Founder of Cyentia Institute, which aims to advance cybersecurity knowledge and practice through data-driven research. Wade joins Drew and Allan to talk about (go figure!) data-driven cybersecurity. The three smash through a lot of assumptions and get to the heart of what is really going on in cybersecurity.
Questions covered:
- What is the Information Risk Insights Study (IRIS)? (cyentia.com/iris/)
- What is a good summary of the IRIS Ransomware report?
- How organizations out there can be more data-driven?
- Analyst whitepapers vs. real data research – what are the differences?
- Who else can mine data like this?
- What truths do people resist or what do they fail to embrace?
- What are the sacred cows and the “inflatable cows”?
- Is the cyber job shortage a real, data-backed problem?
- The desire for “flat math” vs. curves (the 5x5 grid) …
- Measuring the problem side vs the solution side…
- Actual best practices vs. common practices…
- Insurance industry data and why they don’t share it…
- Much of what we do does not affect the realities of our cyber risk.
- Stepping back from all of this, what is the value in data-driven industry analysis of this sort?
- How does one sponsor IRIS publications?
Y’all be good now!