From Weight Loss to Security Performance: Indicators of Healthy Habits

When I was a young pup studying statistics, I remember reading about a study on weight loss that found three factors correlated with weight loss: weighing yourself daily, eating a good breakfast and having access to workout equipment at home. While none of these cause weight loss directly, together they indicate a passion for and dedication to a healthy lifestyle. Connections like this, where subtle observations can lead to a larger understanding, have always been an interest for me and have driven me forward in my career.

So what does weight loss have to do with information security? Opportunity for the same type of research exists within this industry as well. Organizations that think the health of their data protection is important will exhibit different habits than those that don’t. The big questions then become “what are those indicators?” and “how important are they?” This curiosity is what has led me to BitSight, where I was excited to learn that BitSight is not only already answering those questions, but that they are a core component of its business and value statement in the industry.

This past June, I joined the Data Science team at BitSight where I will continue to focus on answering these questions and more. Before joining BitSight, I was one of the authors and lead data analyst behind the Verizon Data Breach Investigations Report (DBIR). I contributed to the last four reports (2012-2015) and it was an honor to be part of some of the most exciting research (and data analysis) within the information security space at that time. The entire purpose of the research was to explore ways to support the decision makers. Where should security teams focus their time and resources? What aspects of information security require the most attention and what is just hype? I hope to continue pursuing the same types of important questions with BitSight.

BitSight is hyper-focused on data quality and research integrity. It’s something I highly valued when I was working on the DBIR and something I consider necessary for data science. I couldn’t imagine working on something that didn’t value integrity and use it publicly as a selling point. It’s easy to cut corners and get away with it, but it’s not a long-term plan. Unfortunately, shortcuts are all too common within security. It takes special dedication to realize integrity - especially within data science - is necessary for advancing our knowledge and as a result, our security. I’m really excited to be a part of this team and further BitSight’s goal of bringing more research-driven transparency into network security practices. In the long run, I believe this will advance the state of our knowledge and as a result, our security. To stay engaged with me while I’m on this journey, follow me on Twitter @jayjacobs and as always, I welcome your thoughts and questions regarding this new challenge!