Sabermetrics for Cyber: Collecting and Analyzing User Activity Data from Ephemeral Exercises
Published in | European Conference on Cyber Warfare and Security pp. 605 - 613 |
---|---|
Main Authors | , , |
Format | Conference Proceeding |
Language | English |
Published | Reading: Academic Conferences International Limited, 01.06.2025 |
Summary: | The term sabermetrics was coined in the 1970s by members of the Society for American Baseball Research (SABR) to describe how baseball teams use advanced analytics to evaluate talent and maximize performance both offensively and defensively. Sabermetrics transformed professional baseball through its data-driven approach, enabling teams to devise new tactics and strategies for improving individual and overall team performance. The concept of sabermetrics or advanced analytics can also be applied to the cybersecurity domain to improve performance, both offensively and defensively, and to better evaluate talent. To do this, data is needed. Cybersecurity exercises are well suited for providing this data because they are designed to develop critical technical skills in controlled, simulated environments that closely mirror real-world threats. However, preserving data for ephemeral cybersecurity exercises can be challenging because these environments are temporary, and when they are torn down, log data is lost unless deliberate actions are taken to retain the data for future use. This includes all information regarding the actions participants took in the exercise. Recognizing that important information can be gleaned by analyzing this data, the Software Engineering Institute (SEI) at Carnegie Mellon University developed a capability to capture a high-fidelity record of user activities during cybersecurity exercises. This paper discusses the motivation behind this development, the insights that can be gained from the collected data, and how the SEI configures exercises used in cybersecurity competitions to collect and store user activity data for future detailed analysis. |
---|---|