Cybersecurity Science with Shawn Riley

Cybersecurity science is a critical aspect of an organization's overall security posture, encompassing a wide range of practices, theories, and methodologies aimed at protecting information and systems from cyber threats. It's a multidisciplinary field that combines elements of computer science, information technology, psychology, and risk management. Understanding cybersecurity science and its seven interrelated core themes is vital for organizations to effectively safeguard their digital assets and maintain operational integrity. What is Cybersecurity Science? Cybersecurity science goes beyond the mere implementation of technical security measures. It involves a systematic and scientific approach to identifying, understanding, and mitigating cyber risks. This field focuses on understanding the constantly evolving nature of cyber threats and developing robust strategies to counter them. It encompasses the study of threat landscapes, attacker behaviors, system vulnerabilities,

As a seasoned cybersecurity scientist with extensive experience across various analytical, auditing, and investigative roles, I bring a unique lens to the NIST Cybersecurity Framework Version 2.0 (CSF 2.0). While the traditional application of the CSF often leans towards mapping its categories to security controls, this article intends to pivot from the usual engineering-focused interpretations. Here, we delve into the CSF 2.0 with an eye on the seven interrelated core themes of cybersecurity science:  Risk : The identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events. Attack Analysis : The study and investigation of attack methods and pathways, focusing on understanding and anticipating attacker behavior and methodologies. Measurable Security : Establishing quantifiable metrics and benchmarks to evaluate the effectiveness of security measure

When we delve into the world of cybersecurity, MITRE ATT&CK TTPs (Tactics, Techniques, and Procedures) emerge as a paramount concept, offering a microscopic lens into an adversary's modus operandi. However, the precision and effectiveness of TTP analysis are heavily anchored on the quality of underlying data. Here, we deep-dive into the quintessential data characteristics and their bearing on TTPs and provide example methods to quantitatively score different aspects. 1. Data Accuracy: Relevance: In the sprawling matrix of cybersecurity, precision is key. Accurate data ensures that specific adversary techniques or tools are identified with certainty. Any inaccuracy can lead to detrimental false positives or false negatives, possibly allowing malicious entities to navigate defenses unchecked. Scoring Metric: A pragmatic approach would be to evaluate the percentage of errors or inconsistencies in data over a predetermined period. A lower error percentage signifies superior data ac

The Pyramid of Pain, a concept masterfully crafted by David J. Bianco, offers a unique perspective into the world of cybersecurity. It doesn't merely categorize threat indicators; it arrays them in a manner that demonstrates the relative pain they can inflict upon adversaries when defenders take action against them. As we delve into the nuances of the pyramid, it becomes evident that TTPs (Tactics, Techniques, and Procedures) form its apex. Here, the MITRE ATT&CK framework emerges as an invaluable companion. ATT&CK, which stands for "Adversarial Tactics, Techniques, and Common Knowledge," offers an extensive and detailed matrix that embodies the essence of TTPs. This globally-accessible knowledge base catalogs the specific methods employed by adversaries across various platforms, bridging the strategic insights from the Pyramid of Pain with actionable intelligence.                      Image Source: https://center-for-threat-informed-defense.github.io/summiting-th

In the rapid evolution of cybersecurity, professionals constantly adapt to the sophisticated tactics employed by adversaries. One significant transition that underscores this evolution is the shift from relying on Indicators of Compromise (IoCs) to leveraging Indicators of Behavior (IoBs) and employing Attack Flows for a more holistic analysis and response to cyber threats. This shift is not merely a change in terminology but a paradigm shift aimed at proactively identifying, understanding, and mitigating cyber threats in a more effective and efficient manner. This article delves into the differences between IoCs and IoBs, introduces the concept of Attack Flows, and outlines the implications of these transitions on various cybersecurity teams including Detection & Response, Threat Intelligence, Threat Hunting, and Risk Management teams. The Limitations of Indicators of Compromise Traditionally, cybersecurity efforts have revolved around identifying and responding to IoCs, which are

Introduction: In the constantly changing and developing cybersecurity landscape, the attack surface of modern enterprises has grown complex, leading to fatigue. Gartner, a leading research firm, has identified Continuous Threat Exposure Management (CTEM) as one of the top cybersecurity trends in 2023. As per Gartner, by 2026, organizations that prioritize their security investments based on a CTEM program will experience two-thirds fewer breaches. This article provides an overview of the concept of CTEM, its significance, and how it can be effectively implemented. What is CTEM? Continuous Threat Exposure Management (CTEM) is a proactive approach to cybersecurity. It involves continually monitoring an organization's external surfaces, assessing vulnerabilities, and taking appropriate actions to reduce security risks. The primary goal is safeguarding the organization's digital and physical assets by implementing robust remediation plans aligned with the exposed surface vulnerabil