Who is Alan Turing?
In his short lifetime, Alan Turing invented the computer on paper in the 1930s. Turing proved mathematically that it was possible to put symbols into a machine and have it perform tasks. This machine was called a Turing Machine and is the reason we have computers today.
“Every computer that everyone runs is a Turing Machine”
-Rick Howard
What is Bayes Theory and how is it applied to Cybersecurity?
At its base, Bayes Theory converts test results into real probability of the current events. In the cybersecurity world, this can be applied when forecasting risk. Taking estimates, gathering data, and then making more estimates with new data is how the Bayes Theory is applied. From there, you can make better resource decisions.
“We never gave the business leaders a chance to evaluate whether or not the risk was within their tolerance”.
-Rick Howard
How do you forecast risk for your organizations?
No one knows any different. When dealing with risk, many of us have defaulted to qualitative heat maps. Although most people would say that science backs these maps up, they do not. They are not specific and do not display an accurate representation of the data that is presented.
“It is possible to forecast complex things without very much data”
-Rick Howard
How do we provide metrics to risk?
When talking about forecasting risk, most people would say that you must have high precision to know everything about the situation at hand. The opposite is the truth. Making estimates, repeatedly looking at statistics, and then making more estimates after evaluating the data is becoming the new meta when forecasting risk. Repeating this process over and over again makes for better decision making when trying to deal with these risks.
“Forecasting risk is more of an art than science”
-David Barton
What should we be worried about heading into 2023?
Ransomware attacks. This has the most effect on a business. Ransomware started and then evolved to a 20-billion-dollar industry just in the last decade. Ransomware attacks can cost your company millions. Is that a risk you are willing to take?
Learn more about managing risks by scheduling an appointment with the Overwatch team.
Meet the Expert
Rick Howard
Chief Analyst, CSO, Senior Fellow
The CyberWire
Rick is the Chief Analyst, Chief Security Officer, and Senior Fellow at The Cyberwire, a cybersecurity podcasting network. His prior jobs include CSO for Palo Alto Networks, CISO for TASC, GM for iDefense (A commercial cyber threat intelligence service at Verisign,) Global SOC Director for Counterpane (one of the original MSSPs), and Commander for the U.S. Army’s Computer Emergency Response Team where he coordinated network defense, network intelligence and network attack operations for the Army’s global network. He was one of the founding organizers who helped create the Cyber Threat Alliance (an ISAC for security vendors) and he also created and still participates in the Cybersecurity Canon Project; a Rock & Roll Hall of Fame for cybersecurity books. Rick holds a Master of Computer Science degree from the Naval Postgraduate School and an engineering degree from the US Military Academy. He also taught computer science at the Academy from 1993 to 1999. He has published many academic papers on technology, security, and risk and has contributed as an executive editor to two books: “Cyber Fraud: Tactics, Techniques and Procedures” and “Cyber Security Essentials.”
Howard Published Works:
“Implementing Intrusion Kill Chain Strategies by Creating Defensive Campaign Adversary Playbooks,” by Rick Howard, Ryan Olson, and Deirdre Beard (Editor), The Cyber Defense Review, Fall 2020.
“Cyber Fraud: Tactics, Techniques and Procedures” by Rick Howard (Executive Editor), CRC Press, Published 1 April 2009.
“Cyber Security Essentials” by Rick Howard (Executive Editor), Ryan Olson
(Primary Author), Auerbach Publications, Published 15 December 2010.
