
Applying Scientific Methods in Cybersecurity

August 2021 Podcast
Leigh B. Metcalf, Jonathan Spring

Leigh Metcalf and Jonathan Spring discuss with Suzanne Miller the application of scientific methods to cybersecurity, a subject of their recently published book, Using Science in Cybersecurity.

“One of the common pitfalls we see today in science is called data dredging. It’s when people have a dataset, and they can’t prove what they’re looking for, so they keep going back and refining their guess. They’re designing their experiment so that it fits the weirdnesses in their dataset. Every dataset is weird in its own way, but if you design your research to the weirdnesses in your dataset, then no one else can actually do the same thing over again. And data dredging is thought to be the reason a lot of research these days is not reproducible, and it is something that should definitely be avoided.”


Abstract

In this SEI Podcast, Leigh Metcalf and Jonathan Spring discuss with Suzanne Miller the application of scientific methods to cybersecurity. In their recently published book, Using Science in Cybersecurity, Metcalf and Spring describe a common-sense approach and practical tools for applying scientific rigor to the field of cybersecurity.

About the Speakers

Leigh B. Metcalf

Leigh Metcalf is a senior network-security research analyst with the CERT Division of the SEI. After earning a PhD in theoretical mathematics, specializing in algebraic topology, Metcalf spent more than 10 years in industry working as a systems engineer and architect at various startups before specializing in cybersecurity and moving to the SEI in 2010. Metcalf is the editor-in-chief of Digital Threats: Research and Practice, a journal of the Association for Computing Machinery (ACM) that promotes scientific rigor in digital security by bridging the gap between academic research and industry practice.

Jonathan Spring

Jonathan Spring is a senior member of the SEI technical staff with the CERT Division. Spring began working at the SEI in 2009. Previous positions include adjunct professor at the University of Pittsburgh’s School of Information Sciences. He currently volunteers on the FIRST Common Vulnerability Scoring System (CVSS) SIG and the ICANN Security and Stability Advisory Committee (SSAC). At the SEI, Spring’s work focuses on producing reliable evidence for various levels of cybersecurity policies. Spring’s approach to work balances leading by example with reflecting on study design and other philosophical issues. Spring earned a PhD in computer science from University College London.
