SlideShare a Scribd company logo
1 of 35
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4
Avoiding Bad Stats and the Benefits of Playing Trivia with Friends: PancakesCon 4

More Related Content

More from Adrian Sanabria

Securing Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsSecuring Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsAdrian Sanabria
 
From due diligence to IoT disaster
From due diligence to IoT disasterFrom due diligence to IoT disaster
From due diligence to IoT disasterAdrian Sanabria
 
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...Adrian Sanabria
 
Open Source Defense for Edge 2017
Open Source Defense for Edge 2017Open Source Defense for Edge 2017
Open Source Defense for Edge 2017Adrian Sanabria
 
451 AppSense Webinar - Why blame the user?
451 AppSense Webinar - Why blame the user?451 AppSense Webinar - Why blame the user?
451 AppSense Webinar - Why blame the user?Adrian Sanabria
 
451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...
451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...
451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...Adrian Sanabria
 
451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint SecurityAdrian Sanabria
 
Security and DevOps Overview
Security and DevOps OverviewSecurity and DevOps Overview
Security and DevOps OverviewAdrian Sanabria
 
RSAC 2016: CISO's guide to Startups
RSAC 2016: CISO's guide to StartupsRSAC 2016: CISO's guide to Startups
RSAC 2016: CISO's guide to StartupsAdrian Sanabria
 
Cloud, DevOps and the New Security Practitioner
Cloud, DevOps and the New Security PractitionerCloud, DevOps and the New Security Practitioner
Cloud, DevOps and the New Security PractitionerAdrian Sanabria
 
Ten Security Product Categories You've Probably Never Heard Of
Ten Security Product Categories You've Probably Never Heard OfTen Security Product Categories You've Probably Never Heard Of
Ten Security Product Categories You've Probably Never Heard OfAdrian Sanabria
 
Ten security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard ofTen security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard ofAdrian Sanabria
 
Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares
Hybrid Cloud Security: Potential to be the Stuff of Dreams, not NightmaresHybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares
Hybrid Cloud Security: Potential to be the Stuff of Dreams, not NightmaresAdrian Sanabria
 
Why does InfoSec play bass?
Why does InfoSec play bass?Why does InfoSec play bass?
Why does InfoSec play bass?Adrian Sanabria
 

More from Adrian Sanabria (16)

Securing Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These YearsSecuring Systems - Still Crazy After All These Years
Securing Systems - Still Crazy After All These Years
 
Red Team Framework
Red Team FrameworkRed Team Framework
Red Team Framework
 
From due diligence to IoT disaster
From due diligence to IoT disasterFrom due diligence to IoT disaster
From due diligence to IoT disaster
 
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...
Stranded on Infosec Island: Defending the Enterprise with Nothing but Windows...
 
Open Source Defense for Edge 2017
Open Source Defense for Edge 2017Open Source Defense for Edge 2017
Open Source Defense for Edge 2017
 
451 AppSense Webinar - Why blame the user?
451 AppSense Webinar - Why blame the user?451 AppSense Webinar - Why blame the user?
451 AppSense Webinar - Why blame the user?
 
451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...
451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...
451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...
 
451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security451 and Cylance - The Roadmap To Better Endpoint Security
451 and Cylance - The Roadmap To Better Endpoint Security
 
Security and DevOps Overview
Security and DevOps OverviewSecurity and DevOps Overview
Security and DevOps Overview
 
2016 virus bulletin
2016 virus bulletin2016 virus bulletin
2016 virus bulletin
 
RSAC 2016: CISO's guide to Startups
RSAC 2016: CISO's guide to StartupsRSAC 2016: CISO's guide to Startups
RSAC 2016: CISO's guide to Startups
 
Cloud, DevOps and the New Security Practitioner
Cloud, DevOps and the New Security PractitionerCloud, DevOps and the New Security Practitioner
Cloud, DevOps and the New Security Practitioner
 
Ten Security Product Categories You've Probably Never Heard Of
Ten Security Product Categories You've Probably Never Heard OfTen Security Product Categories You've Probably Never Heard Of
Ten Security Product Categories You've Probably Never Heard Of
 
Ten security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard ofTen security product categories you've (probably) never heard of
Ten security product categories you've (probably) never heard of
 
Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares
Hybrid Cloud Security: Potential to be the Stuff of Dreams, not NightmaresHybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares
Hybrid Cloud Security: Potential to be the Stuff of Dreams, not Nightmares
 
Why does InfoSec play bass?
Why does InfoSec play bass?Why does InfoSec play bass?
Why does InfoSec play bass?
 

Recently uploaded

Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dashnarutouzumaki53779
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your QueriesExploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your QueriesSanjay Willie
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 

Recently uploaded (20)

Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dash
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your QueriesExploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
Exploring ChatGPT Prompt Hacks To Maximally Optimise Your Queries
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 

Editor's Notes

  1. On knowing what normal looks like, this can be tricky, because it requires some expertise in a field, and familiarity with general stats in your field.For example, to know a stat on the number of unfilled jobs in cybersecurity seems off, you need a general understanding of how large the cybersecurity field is, and some awareness of how much hiring is going on in the public and private space, in your country and globally.You don't need to know all that to investigate a stat or claim though! Most of the data you need is available on the Internet!The Gell-Mann Amnesia Effect was something that Michael Crichton came up with - yeah, the guy that created Jurassic Park and ERHe used this term to describe the phenomenon of experts believing news articles written on topics outside of their fields of expertise, yet acknowledging that articles written in the same publication within their fields of expertise are error-ridden and full of misunderstandingThe lesson here, is that it's important to have a healthy dose of skepticism while consuming media, reports, papers, and research.
  2. On knowing what normal looks like, this can be tricky, because it requires some expertise in a field, and familiarity with general stats in your field.For example, to know a stat on the number of unfilled jobs in cybersecurity seems off, you need a general understanding of how large the cybersecurity field is, and some awareness of how much hiring is going on in the public and private space, in your country and globally.You don't need to know all that to investigate a stat or claim though! Most of the data you need is available on the Internet!The Gell-Mann Amnesia Effect was something that Michael Crichton came up with - yeah, the guy that created Jurassic Park and ERHe used this term to describe the phenomenon of experts believing news articles written on topics outside of their fields of expertise, yet acknowledging that articles written in the same publication within their fields of expertise are error-ridden and full of misunderstandingThe lesson here, is that it's important to have a healthy dose of skepticism while consuming media, reports, papers, and research.
  3. On knowing what normal looks like, this can be tricky, because it requires some expertise in a field, and familiarity with general stats in your field.For example, to know a stat on the number of unfilled jobs in cybersecurity seems off, you need a general understanding of how large the cybersecurity field is, and some awareness of how much hiring is going on in the public and private space, in your country and globally.You don't need to know all that to investigate a stat or claim though! Most of the data you need is available on the Internet!The Gell-Mann Amnesia Effect was something that Michael Crichton came up with - yeah, the guy that created Jurassic Park and ERHe used this term to describe the phenomenon of experts believing news articles written on topics outside of their fields of expertise, yet acknowledging that articles written in the same publication within their fields of expertise are error-ridden and full of misunderstandingThe lesson here, is that it's important to have a healthy dose of skepticism while consuming media, reports, papers, and research.
  4. On knowing what normal looks like, this can be tricky, because it requires some expertise in a field, and familiarity with general stats in your field.For example, to know a stat on the number of unfilled jobs in cybersecurity seems off, you need a general understanding of how large the cybersecurity field is, and some awareness of how much hiring is going on in the public and private space, in your country and globally.You don't need to know all that to investigate a stat or claim though! Most of the data you need is available on the Internet!The Gell-Mann Amnesia Effect was something that Michael Crichton came up with - yeah, the guy that created Jurassic Park and ERHe used this term to describe the phenomenon of experts believing news articles written on topics outside of their fields of expertise, yet acknowledging that articles written in the same publication within their fields of expertise are error-ridden and full of misunderstandingThe lesson here, is that it's important to have a healthy dose of skepticism while consuming media, reports, papers, and research.
  5. Let's take a closer look at one of these stats. First off, TRUST YOUR GUT. If it sounds like BS, it's worth investigating. In 2017, I set out to document every company that had ever been destroyed by a breach. How many did I find? Only 23 over a 20 year period. All small businesses; maybe 4 had over 100 employees, but all less than 500 Is it possible I missed some, or some didn't get reported? Sure! Is it possible I'm missing 150 PER YEAR? Probably not. This answers a more broad and general assumption in our industry: the assumption that security incidents MUST be ending companies Ramon Ray: founder and owner of smallbiztechnology.com and Smart Hustle. He was still using the stat as recently as late 2021, five years after NextGov interviewed him for their article debunking this claim. And that's at the core of what we're talking about here: there are a lot of folks out there that won't let the truth get in the way of a good sound byte
  6. Let's take a closer look at one of these stats. First off, TRUST YOUR GUT. If it sounds like BS, it's worth investigating. In 2017, I set out to document every company that had ever been destroyed by a breach. How many did I find? Only 23 over a 20 year period. All small businesses; maybe 4 had over 100 employees, but all less than 500 Is it possible I missed some, or some didn't get reported? Sure! Is it possible I'm missing 150 PER YEAR? Probably not. This answers a more broad and general assumption in our industry: the assumption that security incidents MUST be ending companies Ramon Ray: founder and owner of smallbiztechnology.com and Smart Hustle. He was still using the stat as recently as late 2021, five years after NextGov interviewed him for their article debunking this claim. And that's at the core of what we're talking about here: there are a lot of folks out there that won't let the truth get in the way of a good sound byte
  7. Let's take a closer look at one of these stats. First off, TRUST YOUR GUT. If it sounds like BS, it's worth investigating. In 2017, I set out to document every company that had ever been destroyed by a breach. How many did I find? Only 23 over a 20 year period. All small businesses; maybe 4 had over 100 employees, but all less than 500 Is it possible I missed some, or some didn't get reported? Sure! Is it possible I'm missing 150 PER YEAR? Probably not. This answers a more broad and general assumption in our industry: the assumption that security incidents MUST be ending companies Ramon Ray: founder and owner of smallbiztechnology.com and Smart Hustle. He was still using the stat as recently as late 2021, five years after NextGov interviewed him for their article debunking this claim. And that's at the core of what we're talking about here: there are a lot of folks out there that won't let the truth get in the way of a good sound byte
  8. Let's take a closer look at one of these stats. First off, TRUST YOUR GUT. If it sounds like BS, it's worth investigating. In 2017, I set out to document every company that had ever been destroyed by a breach. How many did I find? Only 23 over a 20 year period. All small businesses; maybe 4 had over 100 employees, but all less than 500 Is it possible I missed some, or some didn't get reported? Sure! Is it possible I'm missing 150 PER YEAR? Probably not. This answers a more broad and general assumption in our industry: the assumption that security incidents MUST be ending companies Ramon Ray: founder and owner of smallbiztechnology.com and Smart Hustle. He was still using the stat as recently as late 2021, five years after NextGov interviewed him for their article debunking this claim. And that's at the core of what we're talking about here: there are a lot of folks out there that won't let the truth get in the way of a good sound byte
  9. Let's take a closer look at one of these stats. First off, TRUST YOUR GUT. If it sounds like BS, it's worth investigating. In 2017, I set out to document every company that had ever been destroyed by a breach. How many did I find? Only 23 over a 20 year period. All small businesses; maybe 4 had over 100 employees, but all less than 500 Is it possible I missed some, or some didn't get reported? Sure! Is it possible I'm missing 150 PER YEAR? Probably not. This answers a more broad and general assumption in our industry: the assumption that security incidents MUST be ending companies Ramon Ray: founder and owner of smallbiztechnology.com and Smart Hustle. He was still using the stat as recently as late 2021, five years after NextGov interviewed him for their article debunking this claim. And that's at the core of what we're talking about here: there are a lot of folks out there that won't let the truth get in the way of a good sound byte
  10. Let's take a closer look at one of these stats. First off, TRUST YOUR GUT. If it sounds like BS, it's worth investigating. In 2017, I set out to document every company that had ever been destroyed by a breach. How many did I find? Only 23 over a 20 year period. All small businesses; maybe 4 had over 100 employees, but all less than 500 Is it possible I missed some, or some didn't get reported? Sure! Is it possible I'm missing 150 PER YEAR? Probably not. This answers a more broad and general assumption in our industry: the assumption that security incidents MUST be ending companies Ramon Ray: founder and owner of smallbiztechnology.com and Smart Hustle. He was still using the stat as recently as late 2021, five years after NextGov interviewed him for their article debunking this claim. And that's at the core of what we're talking about here: there are a lot of folks out there that won't let the truth get in the way of a good sound byte
  11. Let's take a closer look at one of these stats. First off, TRUST YOUR GUT. If it sounds like BS, it's worth investigating. In 2017, I set out to document every company that had ever been destroyed by a breach. How many did I find? Only 23 over a 20 year period. All small businesses; maybe 4 had over 100 employees, but all less than 500 Is it possible I missed some, or some didn't get reported? Sure! Is it possible I'm missing 150 PER YEAR? Probably not. This answers a more broad and general assumption in our industry: the assumption that security incidents MUST be ending companies Ramon Ray: founder and owner of smallbiztechnology.com and Smart Hustle. He was still using the stat as recently as late 2021, five years after NextGov interviewed him for their article debunking this claim. And that's at the core of what we're talking about here: there are a lot of folks out there that won't let the truth get in the way of a good sound byte
  12. Let's take a closer look at one of these stats. First off, TRUST YOUR GUT. If it sounds like BS, it's worth investigating. In 2017, I set out to document every company that had ever been destroyed by a breach. How many did I find? Only 23 over a 20 year period. All small businesses; maybe 4 had over 100 employees, but all less than 500 Is it possible I missed some, or some didn't get reported? Sure! Is it possible I'm missing 150 PER YEAR? Probably not. This answers a more broad and general assumption in our industry: the assumption that security incidents MUST be ending companies Ramon Ray: founder and owner of smallbiztechnology.com and Smart Hustle. He was still using the stat as recently as late 2021, five years after NextGov interviewed him for their article debunking this claim. And that's at the core of what we're talking about here: there are a lot of folks out there that won't let the truth get in the way of a good sound byte
  13. 99.5% of losses are unaccounted for - could we make a case that these are all indirect losses? I don't think so...
  14. 99.5% of losses are unaccounted for - could we make a case that these are all indirect losses? I don't think so...
  15. 99.5% of losses are unaccounted for - could we make a case that these are all indirect losses? I don't think so...
  16. 99.5% of losses are unaccounted for - could we make a case that these are all indirect losses? I don't think so...
  17. 99.5% of losses are unaccounted for - could we make a case that these are all indirect losses? I don't think so...
  18. 99.5% of losses are unaccounted for - could we make a case that these are all indirect losses? I don't think so...
  19. Even though the tweet engagement was almost non-existent Cylance held a grudge for years They mis-represented a Verizon DBIR stat You're required to get permission from VZ before using their stats, for exactly this reason They assumed the top of the graph = 100%, when it actually = ~35% I DMed some of the DBIR folks and had the raw data from the graph in my hands in under 30 minutes The danger here is that if you tell defenders that 90% of their problem is malware... there's a really good chance they're going to find a way to justify pouring 90% of their resources into addressing it! At the detriment of other areas that need budget and attention When myths and lies prevail, they can cause us to choose the wrong path
  20. Even though the tweet engagement was almost non-existent Cylance held a grudge for years They mis-represented a Verizon DBIR stat You're required to get permission from VZ before using their stats, for exactly this reason They assumed the top of the graph = 100%, when it actually = ~35% I DMed some of the DBIR folks and had the raw data from the graph in my hands in under 30 minutes The danger here is that if you tell defenders that 90% of their problem is malware... there's a really good chance they're going to find a way to justify pouring 90% of their resources into addressing it! At the detriment of other areas that need budget and attention When myths and lies prevail, they can cause us to choose the wrong path