Software Engineering Institute

The ever-expanding scale of digital infrastructure has necessitated automation. Data-driven methods to detect and remediate threats have brought some hope to increasingly belabored defenders. However, debates linger as to the efficacy of data-driven automation.

Security solutions often are purely engineering-driven. As well, many security operations lack the time and resources to strongly validate security systems. Substantiating the efficacy of emerging methods is challenged to the degree there are weak practices for establishing scientific proof in the security domain.

This presentation seeks to stimulate insight and discussion concerning the distinction between security engineering solutions and scientific insights. Whereas engineering solutions establish new techniques, deeper insights concerning the fundamental dynamics underlying network behaviors are often lacking. As a result, we are often left with a difficult-to-manage set of black box solutions and methodological toolkits. Marketing, hype, and commercial noise increases such confusion.

To highlight the distinction between engineering and science in security, insights from research literature and interviews with practitioners are cited. Through distinguishing engineering and scientific practice, a set of recommendations concerning integrating the two approaches concludes the presentation.

The presentation summarizes research-based insights from the new book ‘Cybersecurity Data Science: Best Practices in an Emerging Profession’, published by Springer and written by the presenter. The project was centrally motivated and informed by participating in the FloCon conference from 2017 to the present.

This presentation seeks to profile the distinction between engineering and scientific approaches to security. An attempt is made to highlight the benefits of scientific insights versus engineered techniques. The goal is to raise consciousness concerning both the challenges to and benefits of scientific approaches in security. Attendees will:

• Gain insights on how to distinguish security engineering from science
• Benefit from insights extrapolated from both research and practitioner interviews
• Understand practical approaches to bootstrap scientific inquiry in security operations

This presentation offers perspectives on data-driven security approaches to security professionals, managers, policy stakeholders, educators, and researchers.

Scott Mongeau PhD is a Principal at SARK7 (sark7.com). He has three decades of experience designing and deploying data intensive solutions in a range of industries. Active globally, his book "Cybersecurity Data Science: Best Practices in an Emerging Profession was recently released by Springer.