Profile picture
Ram Shankar @ram_ssk
, 7 tweets, 3 min read Read on Twitter
This is my team's work, and here is some more insight into how we got this done. What did we do beyond being Applied ML Engineers?
1. In 2014, we re-jiggered our strategy:
- No more anomaly detection. Only Security Interesting alerts
- Put domain knowledge front and center of our ML systems. Yes, LSTMs are cool, but the alerts better make a SecOps person happy.

blogs.msdn.microsoft.com/azuresecurity/…
2. SecOps is not our turks for labeled data; they are our partners and solid source of domain knowledge. As Applied ML Engineers, we sit right next to them and triage alerts every single day; we go on hunts with them; we sit with them during incidents and be on call for them
3. Another source of domain knowledge, is service owners. Azure is complex, but those who built these systems sit around us. So, we would build our game plan for detections to protect Azure's crown jewels, with their input.
4. Another source of domain knowledge, is red team members. The amount of time I have walked to @sachafaust to brainstorm or @darkpawH to learn about pwning the cloud (and to get brownies) is well worth it. So, yeah, you wanna get these people lunch/beer regularly
5. Finally, lots and lots of testing. We test our detection before, during and post deployment using everything from previous pentest data to actual incident data to automated test harnesses. If something did not make the call volume bar, it is not being shipped.
6. As @SwiftOnSecurity noted problems rarely have simple solutions. Detecting geo login anomaly sounds really easy (I always logs in from Redmond, now logging in from Russia), but it could be because of travel, VPN, Company proxies and host of other things. Devil's in the detail!
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Ram Shankar
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @ram_ssk see all

Profile picture
THREAD: When ML system fail because of adversarial manipulation, how should society expect law to respond?

I've been working with lawyers @d_obrien, @KendraSerra, @salome_viljoen to figure this out and here's how ML engineers can help

Paper: arxiv.org/abs/1810.10731
1. Benchmark your defenses and attacks - Public policy experts dont know how to prioritize the published defenses and attacks.

Invest in community benchmark like robust ML (a la @aleks_madry ) and report your results after tools like cleverhans.
2. Architect your ML systems for forensics - It will help the security people during investigation/response and help the legal folks later
Read 7 tweets
Profile picture
How to make adversarial ML relevant in real world scenarios? That's what described in 25 pages of insightful commentary by Gilmer, @ryan_p_adams, @goodfellow_ian and all - arxiv.org/abs/1807.06732. Spoiler: They know that boxing matches are pirated! Cliff notes below:
Not all perturbations need to be imperceptible. This is the action space of the attacker along two axes, which leads to the following kinds of attack classes
Here is how to spot adversarial defenses that arent *really* defenses
Read 5 tweets

Related threads

Profile picture
Here's a good preliminary recap, from @holden, of the Newspapers on Wikipedia project he started last May. But I strenuously object to even a hint of disappointment in the outcomes! Several reasons...I'll make my own short thread to outline them.
1. The hint of disappointment comes from the goal of doing 1,000 papers. But that goal was totally arbitrary! What funding this project had (which was highly significant, but also -- as a testament to the project's design -- tiny, in terms of the work produced) was proportional.
...That is, hitting only 25% of the goal means that our funder made only 25% of anticipated expenditures. It's entirely unlike most funded projects, in which "falling short of the goal" implies that a funder's money was wasted. That simply wasn't the case here.
Read 13 tweets
Profile picture
Here's my honest opinion about conservatives, politics and the rule of law. Sorry if it's too simplistic. Many of you know I became (almost by accident) the founder of the first Hispanic Social Network in the USA, Quepasa Corp., which grew to 50 million users ... (cont'd) #MAGA
Sorry if this sounds too "politically incorrect" but I'm a "white guy" who grew up in Southern California to caucasian parents. When I started the Quepasa internet business 20 years ago, I taught myself Spanish. Wanted to help out, somewhere in the world I thought needed help...
And so I did. Quepasa launched, in our first year we passed up Yahoo in Spanish, our only competitor online at that point in time. We had national advertising campaigns, our brand became big, I travelled to #Mexico and met top businessmen there, and political figures. Later,
Read 11 tweets
Profile picture
Hi, hello, I’m reporting from the media room at JPL for the #InSight #MarsLanding. From now on until it’s over I’m going to keep my Twitter feed clean of anything except landing-related news. I’ll likely do a Q and A on Twitter today after the post-landing press briefing.
Here is my landing timeline:
planetary.org/blogs/emily-la…

You can watch the uncommented feed (just the control room) here: nasa.gov/multimedia/nas…

And the commented feed (with talking heads) here: mars.nasa.gov/insight/timeli…
Julie Werz Chen reports from mission control they've heard from Mars Reconnaissance Orbiter and are in telemetry lock with both MarCO-A and -B. This is promising for receiving telemetry from InSight via the cubesats live throughout the landing. #InSight #MarsLandingDay
Read 46 tweets
Profile picture
1/ What's wrong with #lawfirm compensation? Let @jordan_law21 count the ways.As predicted 🔮 (by me, about what I was going to do 😇), a #tweetstorm. First the link: law21.ca/2018/09/how-co…
2/ Next, my favorite #micdrop 🎤 quote: "law firms incentivize their lawyers to act in ways that are counter-productive to lwayers' happiness, clients' satisfaction and the firms' effectiveness." and 💥goes the 🧨-- more #truthbombs follow.
3/ 💯 agree that legacy compensation systems (and the attendant infrastructure of #tech, #process, #policy, governance as well as resulting #culture) emphasizes #lawyer effort over #client outcomes (namely, the billable hour). BUT I add here: what would be a better #alternative?
Read 15 tweets
Profile picture
Here's a critique of the UK database entries of our Financial Secrecy Index, from a lawyer at Clifford Chance - one of the world's ten biggest law firms (per Wikipedia). And what follows is a response on the points raised.
To begin, we really value expert feedback. We had a nearly two-year review process before the Jan.2018 release, which we were delighted to find brought in a great many stakeholders, including experts, users and subject jurisdiction policymakers..
You can find more information about the methodology and review, including a statistical analysis by the European Commission's index experts, here: financialsecrecyindex.com/introduction/m…
Read 139 tweets
Profile picture
Here is a thread on INTERVIEW QUESTIONS as you guys keep asking. There are 31 questions - I hope this helps 🙂

#JobsThread #InterviewTips
1. CAN YOU TELL US ABOUT YOURSELF?

This Q seems simple, so many people fail to prepare for it, but it’s crucial.
Don’t give ur complete employment (or personal) history. Instead give a pitch—1 that’s concise & compelling & shows exactly why you’re the right fit for the job.
Start off with the 2-3 specific accomplishments or experiences that you most want the interviewer to know about, then wrap up talking about how that prior experience has positioned you for this specific role. 😬
Read 86 tweets

Trending hashtags

#lawfirm #Bible #measurement #Mexico #here #micdrop #messiness #JesusChrist #dial #NewTestament #AMA #alternative #tech #firm #Office #heretic #admin #WorkHardFromAnywhere #strategy #MAGA #PRI #DONE #Democrat #JobsThread #InterviewTips

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!