We sat down with Oort’s Data Science Lead, Alex Zaslavsky, and got the scoop on how data powers decisions in identity threat detection and response, and how the best identity security companies listen to their customers and move fast. Get to know “Sasha” and how he sees machine learning and artificial intelligence evolving.
Q: You recently joined Oort to lead the data science team after many years at RSA and more recently, at Facebook. Those are two radically different and mature companies. What led you to want to join Oort at this early stage?
A: I started my journey at RSA as a member of a data science team working on a financial fraud detection model. Fraud detection was the first security field to explore and adopt population behavior analysis to identify bad patterns. As the company evolved, the need for employee behavior analysis emerged as well. In my last few years at RSA I was leading the data science efforts in the SecurID product. My goal was to improve the end-employee access experience, the ease of accessibility without compromising the overall security.
After solving security problems for bank customers and corporate employees I was wanting to explore the consumer space, and Facebook is one of the best places for that. My focus was analyzing off-platform spam and attacks. I noticed that identities are the weakest link in the security chain and organizations don’t have the right tools to manage and mitigate the associated risks. Once I heard about Oort and its goal to detect and respond to identity threats, I felt that this is where I can contribute the most with the experience I’ve gained over the years.
Q: What is data science? How are data science and the work you do used at Oort? Can you give us some examples?
A: I once heard an analogy that I really liked: a data scientist is like a chef in a restaurant. You need to understand what is not working or missing from your menu, come up with a hypothesis for what your customers might like, choose your ingredients and spices, cook the dish and explore the impact. My goal is to improve admin visibility into identity threats and to enable our customers to reduce security risks by responding to these. At Oort, we have more than 30 years of collective domain knowledge in IT security and user and entity behavior analysis. This helps us to identify risky behaviors and actions that can lead to a security incident. We apply various statistical analyses on millions of user and system logs to make our alerts accurate so the security users will invest their efforts on the most impactful response. The intersection of these defines data science and a data scientist – computer science, math, statistics, domain and business expertise.
Q: It seems like everyone these days is talking about “machine learning” and “artificial intelligence”, but you’ve been in data science for over ten years. How has your role evolved over the last decade?
A: Most companies have now realized that data science can directly impact their bottom line. Many examples come to mind like reducing fraud losses by analyzing users’ purchases, video recommendations to improve customer satisfaction and reduce churn, or improving breast cancer diagnosis via MRI images. Algorithms and platforms have evolved in a way that it’s almost embarrassing to remember how I built my very first phishing detection model.
Over the years, I’ve realized that it’s equally important to invest in product management skills and business understanding to build a successful ML or AI solution. Define your problem and constraints, estimate the ROI, and start simple. You don’t have to run the most advanced or shiny solution which no one understands or knows how to implement or support. Netflix’s original million-dollar algorithm that improved the movie recommendation system by 10 percent was ultimately not implemented due to business constraints. The implementation cost was higher than additional accuracy gains and the company’s business model shifted to video streaming service instead of DVD.
Q: Do you have a ‘secret weapon’ that makes your work in data science easier or faster?
A: For us at Oort, it’s critical to have reliable customer feedback to validate each analysis we do. To move fast and make decisions, we need to be able to reuse prior developments together with new models or assumptions and to be able to visualize the results to our customers based on fresh data analysis. So, customer feedback and our ability to move quickly, that combination is our secret weapon.
Q: Can you recommend a few books or resources that an early-career data scientist might find useful to learn and get started? What about for an expert advancing their career?
A: There are numerous opportunities for self-education services like Coursera or Fast.ai in addition to more formal academic degrees. This variety of educational opportunities can actually be overwhelming both for newbies and for experts. I always recommend exploring Kaggle competitions (or any other ML competitions or hackathons).
You can learn about different business problems which can be solved with ML tools. You can also explore popular analysis methods and the best performing models. Engage with active community members and you might even win a prize. I would like to circle back to a previous question – what is data science? I believe that solving a real world problem in a competition helps better understand different aspects of a data science role and focuses on what skills one would like to develop. Start there. Once you know what you’re looking to do, you’ll be ready to look for specific books or any other resources.
Q: Wrapping up, let’s fast forward 20 years. What can we do with machine learning powered by data science? What can we not do? Do you think AI will replace security specialists?
A: With so many success stories, the demand for AI grew 74% over the last 4 years and the investment in research is rapidly increasing. So I don’t think someone can predict what will happen in the next 12 months, definitely not in 20 years. With that, I can make an educated guess that AI will take a critical role in shaping future IT security solutions as a tool in a security professional’s toolbox.
Organizations will continue to invest in various technologies and applications in their digital transformation and cloud adoption journey to deliver even more value to their customers and reduce operational costs. New opportunities will generate complicated networks of interconnected relationships (employee-to-app, vendor-to-app or even app-to-app) and complicated management configurations which will lead to development of new security threats. As we previously discussed, to build a successful AI tool, you have to start with an understanding of what is the problem you’re trying to solve. This is why I think information security professionals will evolve to be information security data scientists and will invest in adding AI to their toolbox to be able to efficiently analyze large and complex information datasets to detect security incidents and access risks.