Hypothesis, Risk, and Science

When I patch, an unwanted outcome is reduced.

A forecast is the best available term to represent a belief that a future scenario or impact may occur. A security engineer wants to avoid a breach. In a sense, their work is reducing probabilistic uncertainty, just as others make cars faster by increasing miles per hour. Forecasts are compatible with either the probability or the impact term in risk = probability * impact. Forecast values come from rich data (good), simple models (good), experts (meh), or some hybrid of these (ideal).

Were we hacked, but didn’t know?

Issues of observability persist in our experiments: Did the scenario occur outside of our visibility? Was our data breached while logs were sidestepped or deleted? We might not trust our risk measurements if we distrust our observational capability.

  • But the most remarkable of all the kinds of air that I have produced by this process is, one that is five or six times better than common air.(*)

When I think of formal scientific method an image sometimes comes to mind of an enormous juggernaut, a huge bulldozer - slow, tedious, lumbering, laborious, but invincible. ― Robert M. Pirsig

The scientific method is iterative. Science may be as simple as careful troubleshooting, or as complex as long-term academic marathons. The length of these iterations is not relevant when examining scientific demarcation.



Ryan McGeehan


Writing about risk, security, and startups.