Dr. Pablo Breuer is currently a Principal Director for Applied Cyber Intelligence at Accenture Federal Services. He is a 22-year veteran of the U.S. Navy. Tours of interest include: military director of the US Special Operations Command Donovan Group; senior military advisor and innovation officer to SOFWERX, the National Security Agency, and U.S. Cyber Command; and Director of C4 at U.S. Naval Forces Central Command.
He is a DoD Cyber Cup and Defcon Black Badge winner, and has been faculty at the Naval Postgraduate School, National University, California State University Monterey Bay, as well as a Visiting Scientist at Carnegie Mellon CERT/SEI. He has taught classes for various U.S. government agencies and industry on topics ranging from malware reverse engineering and exploit development to cyber policy and authorities. Pablo is also a co-founder and board member of The Diana Initiative and is on the staff for BSides Las Vegas.
Reducing Information Overload Via an Analog Model for Cyber Risk
Cybersecurity relies on Security Operations Center (SOC) personnel to conduct data triage on large numbers of automated alerts to identify true threats to networks. To achieve this goal, SOC personnel must not only filter out false positives in data streams, but also coalesce disparate pieces of data into information that supports a conclusion that an exception to the desired state of cybersecurity exists and requires action.
Additionally, false negatives in data streams may later be identified when a compromise is discovered via human reporting or other means. Limitations of Turing machines used as automated sensors, ever-increasing network size and speed of transmission, limited numbers of qualified personnel, and the necessity to work under uncertainty all serve to exacerbate the continual condition of information overload for network defenders.
This research addresses information overload by reducing the information that is presented to personnel working in a SOC. It proposes a new framework for determining cybersecurity risk as a time-dependent function, which allows for reduced information overload and at least equivalent cybersecurity posture.