With RSA completed over two weeks ago, and an ensuing sickness, I realized I haven’t posted about my presentation with Joel Amick. I thoroughly enjoying sharing this work with the RSA audience and had some great conversations afterwards. I think agent-based modeling (ABM) has some interesting use cases in cybersecurity and risk management. I think that in organizations that have data sets about their assets covering control strengths, threats, and losses, there is valid application of ABM to provide some attacker forecasting.
The presentation slides have been posted here. The slides are static and don’t show the video of the model, however the presentation was recorded and the video has been posted on RSAC onDemand for those that attended. When it’s opened to the rest of the world, I will post that.