Mitchell says that at many organizations, it may make sense to incent existing security analysts to learn more about data science and to brush up on their mathematical techniques.
"There's a lot that companies can do to encourage their current analysts to have a more data science-oriented approach," Mitchell says, explaining that open-source education could be a big boon for those motivated in upping their game. "For example, Coursera offers entire classes in data science and machine learning and linear algebra programming. This is where I'm getting most of my education."
Security officers could also get creative in leveraging data scientists from other parts of the organization, such as the business intelligence department, says Roytman. He believes that even more important than bringing a qualified data scientist on board is effectively embedding that person into the security machinery.
"I'm just afraid of the risk of somebody hiring a data scientist and saying you guys need to drive our remediation based on our environment," he says. "And once that's deployed in practice, the guys who are doing the day-to-day remediation just don't understand how to use that data or won't use it."
He believes that one of the most effective ways organizations can start to fold a data scientist into the mix is as a justification for CISO decisions. So a CISO may have a gut feeling about something, order some exploratory analysis, and then have the statistical proof necessary to take the right course of action. It's a recipe for better results and a higher level of respect in the board room.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.