IoT Security Metrics

We cannot improve what we cannot measure (Kelvin). How does one quantify the absence of an adversary, a fault, or a weakness in a system? How can we define objective, repeatable, and reproducible metrics that evaluate the security of a network? This task is more complex at a time that the face of networking is changing by interconnecting devices such as webcameras, locks, and lights. These exciting and difficult questions are part of my work in quantitative security evaluation. I analyze data, create predictive models, and stream telemetry with modern open source tools.