DeepSec 2019 Talk: What Has Data Science Got To Do With It? – Thordis Thorsteins
In this talk I want to shed some light on data science’s place within security. You can expect to learn how to see through common data science jargon that’s used in the industry, as well as to get a high level understanding of what’s happening behind the scenes when data science is successfully applied to solve complex security problems.
The talk is aimed at anyone who’s been curious or had questions about the rise of things like “machine learning” or “big data” in the context of security. No prior data science knowledge is required.
We asked Thordis a few more questions about her talk which will be held at DeepSec 2019.
Please tell us the top 5 facts about your talk.
- It will give an insight into the exciting (and sometimes terrifying) world of data science and into its applications in cyber security. After this talk buzz words such as “machine learning” will sound a lot less cryptic.
- It will provide the audience with practical tools to decode statements that rely on data science jargon. Think “Our cutting edge AI solution will solve [insert your favourite security problem here]”.
- It is based on a shorter talk that I presented at BSides London earlier this year.
- No previous data science knowledge is required from attendees.
- It might include a live demonstration of how easy creating a model can be and that this is not where the true value lies.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
Terms like “artificial intelligence” and “data driven” are used casually with all sorts of meanings. In many cases the objective seems to be to impress while giving little to nothing away. This can be quite deceiving but there are simple techniques that anyone can apply to see through it. The idea of this talk came about as I wanted to make such techniques available to the security audience.
Why do you think this is an important topic?
Because ML, AI etc. are powerful tools, but are only useful when applied correctly and are by no means magical solutions that will solve any given problem (like coverage often makes them sound like they are). It’s important to be able to see through claims that rely heavily on these without further explanations (not just for data scientists) – both in security and more generally in a world where data science plays an increasingly large role.
Is there something you want everybody to know – some good advice for our readers maybe?
Data science is more accessible than you might think. You don’t need to be a data scientist to grasp the key concepts that matter for people that work in a field where data science is applied widely. Don’t tell too many people though – us data scientists still like to feel special.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
Defining a problem correctly and well enough so that a model can be developed to solve the problem is currently a complex part of the overall process. I think that in the future machines will become better at suggesting meaningful problems (meaningful being the key part here) that we could solve given the data we have access to. This could prove very useful when it comes to tackling big problems of the world. Complex problems often require innovative thinking and a machine that has a lot more memory than a person does is well equipped to look into a wide range of ideas before coming up with an ideal suggestion.
A background from mathematics and an interest in computer science led me into a field that sits nicely in the intersection of the two – data science. Before applying data science to security I worked in risk management, but a year and a half ago I joined Panaseer where I work with the rest of the team to derive useful insights for customers from their security data.