Subjectivity, Risk, and Science

  • Induction: Others are compromised by spear phishing, and we might be, too.
  • Deduction: They bypassed encryption! They must have the private key.
  • Abduction: They must have found domain admin with lateral movement.
  • Hypothesis: At least 1 incident (SEV0) this year will involve a remote adversary.
  • Experiments: External vuln scans, network segmentation, bastion auth.
  • Measurement: Expert forecast in probability (%) of occurrence / year.
  • Test: There (was/n’t) a SEV0 incident meeting this criteria this year. (Brier)
  • Confirmation: “We would feel stronger about these results with better network telemetry, experimentation, and detection. But, this experiment was useful and we have ideas for the next one.”




Writing about risk, security, and startups.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

{UPDATE} Throwing - Nice Shooooot! Hack Free Resources Generator

What Can We Learn From Zoom’s Rise Amidst The Pandemic?

How Bank Disclosure Of Customer Information Work For Security

$BLISS Vaults and the Enlightenment Function

Killer Mobile: Tracking American Android And iOS Spyware In Russia

{UPDATE} KPOP HOP: Music Edm Game! Hack Free Resources Generator

Abusing Forgot Password Functionality

Security Onion Set Up Part 1: Planning

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ryan McGeehan

Ryan McGeehan

Writing about risk, security, and startups.

More from Medium

A Trip Down Memory ‘Valley’

Better than puck flips? Money line and market expectation in NHL

Artificial intelligence.

EPL Title: Do Liverpool Stand a Chance?