Thursday, August 27, 2015

Dissertation proposal: "Shaping Possibility Space"

At long last, I have submitted my dissertation proposal:
Fair warning: it is long -- 72 pages not including Glossary and Bibliography.  Being academic work, it will not be 'light reading' for many readers.  I have done my best to be clear and direct, but the subject matter is complicated.

Spoiler alert: I don't propose to solve the Cyber Security Problem(tm) in my research.  Instead, I'm studying the process of innovation that might, eventually, lead to new solutions, especially institutional innovations.  Some readers might find this boring, irrelevant, or 'ivory tower'.

Feedback is most welcome.  If you don't have my email address, ping me on Twitter.

The defense meeting is in mid-October.

Wednesday, August 5, 2015

B-Sides LV slides

Here are my slides for today's B-Sides Las Vegas talk (5pm Wednesday).  I'll be demoing the B-Sides SF spreadsheet (see previous post).  A video of the talk will be available on in a day or so.

Sunday, April 19, 2015

B-Sides SF Talk

Here is the demo spreadsheet I'll be using in today's B-Sides SF talk on the Thomas Scoring System (TSS):
Download the spreadsheet and open in Microsoft Excel 2008 or later.  It uses conditional formatting and cell data validation, but no macros or other advanced features.  The sheets are protected to avoid data entry errors, but there is no password.

This is a realistic, fully functional implementation of the TSS applied to a general case: scoring the maturity of a company's information security capability.

Wednesday, April 15, 2015

Entry in Schneier's Eighth Movie-Plot Threat Contest

Every year, on April Fool's Day, Bruce Schneier hosts a "movie plot threat" contest on his blog.  This year's theme is "evils of encryption".  This is my third year submitting an entry (I won two years ago -- w00t!).  Here is my entry for the 8th contest (500 word limit):

Friday, October 31, 2014

Presentation: Topological View on Radical Innovation

I'm presenting today at the 6th Annual Complexity in Business Conference, sponsored by the University of Maryland Center for Complexity in Business.  Here are my slides.  (FYI: no information security content here, unless you are interested in institutional innovation.)

If you are really, really interested in this topic and want all the details and references, here is a paper I just completed for a Directed Reading class (89 pages, PDF).  It's a little rough around the edges due to time constraints.

Thursday, October 9, 2014

SIRAcon presentation

I'm presenting at SIRAcon today: "How to aggregate ground-truth metrics & indicators into a performance index".  It will be recorded and will be available to SIRA members on the SIRA web site.  Here are the slides.  Here is the blog post with background and tutorial.

Wednesday, June 25, 2014

My inputs to DHS on cyber economics & incentives

I'm at the 3rd day of Workshop on Economics of Information Security (WEIS) at Penn State.  The focus of this day is to provide input and ideas to the Science & Technology (S&T) Directorate in US Department of Homeland Security regarding R&D on cyber economics and incentives.

Here is the 2007 working paper I co-authored: "Incentive-based Cyber Trust -- A Call to Action".  I think many of the arguments and ideas are still relevant.  (It's long -- 27 pages -- but I think readers will be rewarded.)

Here are my slides.