Purplecon 2019 anton black, against lies, h*cking lies, https://purplecon.nz/talks#anton-black, https://www.youtube.com/watch?v=3FLwN7OJAjQ&list=PLS45xFo74VF546tbfXXtKDO03cVrAalM6&index=8
did you know that the more blue teamers are sent to handle a security incident, the worse that incident will be? using science and statistics to make decisions about how you run security is a great idea - you can interpret and represent your data accurately. but statistics is rife with potential pitfalls that can lead you to all kinds of false conclusions. with some help from planet earth's own blue team, we'll learn how to recognize and work around these problems to not only use your own data for good, but to also catch flawed analyses when you see them around you.
- Identify confounding variables/assumptions
- Observational studies can't identify causes, and "all" infosec studies are observational (therefore incomplete science)
- Interventional studies are too expensive, or ethically questionable
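
The "more blue teamers, worse incident" claim can be reproduced with a confounder. The sketch below is an added example, not material from the talk: it simulates observational incident records in which severity drives both how many responders are sent and how much damage occurs, then compares the pooled correlation with the correlation inside each severity level. The data, coefficients and function names are constructed assumptions.

```python
import random
from collections import defaultdict

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5

def simulate_incidents(n=2000, seed=2019):
    """Constructed data: severity (the confounder) sets staffing and damage.

    Each extra responder *reduces* damage by 2 units, by construction.
    Responder count is treated as continuous to keep the model simple.
    """
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        severity = rng.randint(1, 5)
        responders = 2 * severity + rng.gauss(0, 1)
        damage = 25 * severity - 2 * responders + rng.gauss(0, 2)
        rows.append((severity, responders, damage))
    return rows

def naive_correlation(rows):
    """Pooled responders-vs-damage correlation, ignoring severity."""
    return pearson([r[1] for r in rows], [r[2] for r in rows])

def stratified_correlations(rows):
    """Same correlation computed separately within each severity level."""
    strata = defaultdict(list)
    for severity, responders, damage in rows:
        strata[severity].append((responders, damage))
    return {s: pearson([p[0] for p in pts], [p[1] for p in pts])
            for s, pts in sorted(strata.items())}

if __name__ == "__main__":
    rows = simulate_incidents()
    print(f"pooled: r = {naive_correlation(rows):+.2f}")
    for severity, r in stratified_correlations(rows).items():
        print(f"severity {severity}: r = {r:+.2f}")
```

The pooled correlation is strongly positive even though responders reduce damage in every stratum. Stratifying only works here because the confounder was recorded; in real observational data an unmeasured confounder leaves the misleading pooled figure as the only one available.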