Your SOC Already Has the Data for Quantitative Risk Analysis. You're Just Not Using It.

Most cybersecurity teams can tell you how many phishing incidents they worked last quarter. They can pull malware case counts from their ticketing system, calculate mean time to remediate, and break down incidents by category with reasonable precision. This is operational data they already collect, already trust, and already report

On the Diminishing Marginal Utility of IOCs

Cross-pollination of knowledge and learning from one field of study to another is essential for driving innovation, solving complex problems, and creating new solutions. Or enabling me to defeat what I think are bad ideas. To that end, I've spent a lot of time thinking about how horrible