Sorry I haven't posted in a while. I've been pretty busy with research work -- writing papers for conferences, mostly. But I've got some good news to report.
|
Cash will be flowing as nature intended. |
First, I'm starting a full-time job at a Financial Institution* with the title Security Data Analyst/Scientist, which I choose to shorten to
Security Data Scientist. This is a big deal on many levels. One of the best things is that their capabilities are comparatively mature and the leadership is both visionary and pragmatic. This means that I hope to do some fairly compelling analysis drawing on some rich data sources and previous analysis rather than having to start from scratch.
(* My Twitter followers will know.)
I'm continuing my PhD program part-time, with focusing on my dissertation. I hope to complete that in 2014.
Also, I'll continue blogging here on all the same topics.
Second, I'm very happy to say that I've had a talk accepted at the RSA Conference in February 2014, co-presenting with David Severski:
10 Dimensions of Security Performance for Agility & Rapid Learning
2/26/2014, 10:40 AM - 11:00 AM
Abstract: Information security is an innovation arms race. We need agility and rapid learning to stay ahead of adversaries. In this presentation, you'll learn about a Balanced Scorecard method called the Ten Dimensions of Cyber Security Performance. Case studies will show how this approach can dramatically improve organization learning and agility, and also to get buy-in from managers and executives.
This is a 20 minute time slot, and there's no way that I can compress my 60 minute or 45 minute versions of "Ten Dimensions" into such a short time. Therefore, David and I are going to cook up an extended "trailer" that conveys the basic idea of double loop learning in practice (David is doing some neat stuff that we'll try to "fly through"). In parallel, I hope to have some videos, webinar, or other media that people can go to in order to get a proper introduction and survey.
Also, I've proposed a peer-to-peer session at RSA on a related theme: "Building a Quantitative Evidence-based Security & Risk Management Program". I should hear later in November whether it's been accepted. It will be an hour long session and I will only be facilitating, but it should be a good time for Q&A, sharing insights, etc.
Finally, I'll be presenting a SIRA webinar "Big 'R' Risk Management - from concept to pilot implementation". This is basically the same talk I gave at SIRAcon, but some people couldn't attend that session (we had parallel tracks) and many people couldn't attend SIRAcon at all. I think it'll be in December, but there isn't a date set yet.
I've got some good blog posts in the works, including Game Theory Meets Risk Analysis, several more Shades of Black Swans, a review of RIPE, some philosophy, and others. Thanks for reading and thanks for your comments, both here and in other media.
--------
One more bit of good news from a completely different domain: the book
Chasing Chariots is coming soon! Includes most of the papers presented at the First International Chariot Conference held in Cairo in December 2012. The evolution of technology in the Late Bronze Age became an strong interest (a.k.a. compulsion) of mine a couple years ago, with particular focus on the so-called "first revolution in military affairs" -- the war chariot. Beyond just curiosity, I'd like to do some serious research in this area, but short of getting a second PhD, the only way it's going to happen is if I can find some collaborators (after I graduate!).
Periodically, I'll post some war chariot stuff here. Bruce S. has his squids; I have my war chariots.