Risk assessment is challenging when data is unavailable, hard to obtain, or costly to process. Organizations often request estimates from experts instead. This talk demonstrates how to integrate cybersecurity data with expert estimates using Bayesian modeling in PyMC. Cybersecurity analysts, resource managers, and executives can use Bayesian models to perform risk assessments, select security controls, and prioritize which suspicious events to investigate first. System administrators can configure autonomous sources of data including vulnerability scanners and cybersecurity event monitoring systems to automatically update these hybrid network models alongside inputs from risk analysts and executives.
