FloCon 2018 has ended
Tucson, AZ – January 8-11, 2018


Watch this space for details on the technical program for FloCon 2018. In the meantime, see the FloCon website at www.cert.org/flocon.
Thursday, January 11 • 12:00pm - 12:30pm
Lunch Table Talk - "A Model of Analytic Development: Structure and Application"

This presentation walks through a three-part model of analytic development and applies it to a series of analytic problems. The first part is single-path development, directly suited to triage and incident-response-related problems, where query and summarization provide a focused series of results. The second part is multi-path development, where different pools of data must be separately queried and analyzed, then integrated into the results of interest – a process which is more suited to capabilities estimation, both on the aggressive and defensive sides. The third part is exploratory development, where dynamic associations must be constructed and applied in both a conditional and iterative manner to isolate behavior of interest – a process which is more suited to identification of unknown threats and clarifying new network behaviors.

Through a series of examples drawing on network flow data, network inventory data, and passively collected domain data, this presentation will both clarify this model and apply it to several sorts of data relevant to network security. Taken together, this model provides a structure by which the effort involved in analytic development can be regularized and organized. Such structure can permit application of maturity models, whereby more predictable, repeatable, and manageable effort can be applied. It can also identify cases where the currently established processes may not be sufficient to meet the need in analytical development.

What will attendees learn?
The presentation will aid attendees by providing a structure in which the effort involved in developing analytics can be scoped, structured, and tracked. This will help to make this effort more organized and more manageable.

Timothy Shimeall

The only person to make 11 consecutive appearances at FloCon, Tim Shimeall is the Senior Network Situational Awareness Analyst of the CERT Program at the Software Engineering Institute (SEI). Shimeall is responsible for the development of methods to support decision making in security...

Thursday January 11, 2018 12:00pm - 12:30pm MST
Agave I