IT’S SCIENTIFIC - YOUR
ORGANIZATION NEEDS
DATA SCIENCE!
Adam Harting, ISP® | Manager, Data Sciences & Analysis
Global Security Services |Raytheon Company
Resolver Int:rsect 2018 |San Diego, CA

WHAT IS DATA SCIENCE & ANALYSIS?
 The use of scientific methods, processes,
algorithms, and systems to extract knowledge
and insights from various data sources to create
actionable business intelligence.
 Intersection of fields in mathematics, social
science, computer science, and business
analysis.
 Applying the practice of hypothesis testing,
modeling, and machine learning methodologies
to business processes.
 Deepen understanding of phenomena ranging
from physical and biological systems to human
social and economical behavior.
Mathematics
& Statistics
Computer
Science
Business Domain
Knowledge
Data
Analytics
Data
Science
Advanced
Analytics
Machine
Learning
"This hot new field promises to revolutionize industries from
business to government, health care to academia."
— The New York Times —

DSA JOB LANDSCAPE
Source: https://blogs-images.forbes.com/louiscolumbus/files/2017/05/Data-science-and-analytics-landscape-graphic-from-IBM-1.jpg
Data Sciences is the number one growing career in the United States and the Best
Job In America according to Glassdoor’s 2018 Rankings.
IBM predicts the demand for Data Scientists will soar 28% by 2020.
Source: https://www.forbes.com/sites/louiscolumbus/2018/01/29/data-scientist-is-the-best-job-in-america-according-glassdoors-2018-rankings/#1a20a3a75535

BIG DATA CAUSES BIG PROBLEMS
 Virtually every sector in the world market has
access to more data than a decade ago.
 Data is being collected at an alarming rate
that exceeds the capacity to extract value
from it.
 There is a cascade of overwhelming data on
everything.
 The pressing question for every organization is
how to use data effectively – organization
situational awareness, company risk,
sustainability, process improvement,
compliance…
Big Data Scale = Terabytes (10^12) and Petabytes (10^15 - 1 million gigs)

THE SCALE OF DATA

WHAT CAN DSA DO?
Operational Metrics & Process Improvement
•Day-to-day visualizations to measure overall health of operations and status of work
items throughout each global discipline
•Situational awareness
•Data support for process improvements and sustainability measures
Business Intelligence
•Business development & risk assessment intelligence packages
•Foreign posture analysis
•Information system and network analysis
•Employee behavioral analysis
•Risk methodologies and mitigation strategies
Predictive & Prescriptive Analytics
•Risk based methodology analyses & intelligence packages
•Behavioral analysis
•Threat Management
•Insider Threat analysis

THE POWER OF DSA WITHIN AN ORGANIZATION
 Empowers your company leaders to make data-
driven business decisions through the use of data
sciences and analytics.
 Companies need a data science platform to
overcome barriers to reproducibility and
collaboration.
 Explores data, shares analyses, and deploys predictive
models for business decision making.
 Optimized leadership metrics and measures to ensure
timely and effective reports are used to influence
business.
Design &
Construction
Insight &
Reporting
Transforming
& Action

BUSINESS INTELLIGENCE
“In God we trust; all others must bring data.”
– William Edwards Deming –

WHAT IS BUSINESS INTELLIGENCE (BI)?
 The exploration of business information.
 Common BI tools and methodologies:
 reporting
 analytical processing
 data and process mining
 organizational and business performance
management
 baseline and benchmarking
 predictive and prescriptive analytics
BI at “the click of a button”

ANALYZING BUSINESS INTELLIGENCE
Business Intelligence
External
Sources
Other
Company
Sources
Incident/Risk
Management
Systems
• Reactive Intelligence
• Proactive Intelligence
• Predictive Intelligence

EVOLUTION OF DATA ANALYSIS
CompetitiveAdvantage
Analytics Maturity Driving Risk Decision Making
Optimization &
Automation
Predictive &
Prescriptive
Modeling
Predictive
Analytics
Raw Data
Visualizations &
DashboardsStandard
Reports/Metrics
React & Respond Predict & Act

MEASURING AND
MANAGING RISK USING
DATA SCIENCE
“Risk comes from not knowing what you’re doing.”
– Warren Buffett –

WHAT IS RISK?
LikelihoodofOccurrence
Severity of Occurrence
 The increased likelihood or
probability that a given undesirable
or detrimental event will occur
causing damage, liability, loss or
collective negative impact on
operations.
 The probability or threat of loss or
damage that could occur due to
lack of mitigations and/or protective
measures by company or customer
requirements.

Risk
Mitigation
Strategies
ADVANCING RISK MANAGEMENT
Data
Analysis
Risk
Assessment
Risk Baseline for
a specific area
of interest
Un-mitigated Threat Profile
• Areas of interest that has
measured and
validated risks without
mitigations
• Organization(s) can
apply concentrated
attention on specific
areas of risk
• Strategic planning on
resource allocation
Validates Risk
Baseline/Mitigations/
Identifies Additional Risks
Currently Applied
to Area(s) of Risk
Identifies
Additional Risks

INFLUENCING THE
BUSINESS – CASE STUDIES
“What gets measured, gets managed.”
- Peter Drucker -

MEASURING THE BUSINESS ENVIRONMENT
 Enterprise Security Incident Summaries
 daily investigation metrics : case load : time management : investigation performance : root cause analysis
 security incidents by organization : organization analysis : impacted programs
 physical security case load : incident categorization by officer
 Business Continuity & Preparedness Threat and Vulnerability Assessments
 facility threat and vulnerability assessments : risk score : business continuity
 Cyber Security
 IS posture : IS status : locations : certifications : accreditations
 Company’s Global Exposure to Terrorism and Acts of Violence
 location proximities : attack trends : attack methodologies : target types : historical trends
 Monitoring Internal Risk Assessments
 assessment trends : organizational health
 Global Event Identification Tool
 facility location identifier : estimates of impact to global event
 Human Behavior Analysis
 insider Threat : threat management : human/event indicators

CASE STUDY 1
Human Behavior Analysis

WHERE’S WALDO?
• Workplace Violence and Insider Threat incidents
are on the rise
• Used scientific methodologies and processes to
compare events/incidents to indicators
• Utilized network theory and analysis to visually
show nodal cluster connections and patterns
• Established monitoring and mitigation strategies
to minimize or eliminate the threats of espionage
and acts of violence

CASE STUDY 2
International Growth and Risk

WHERE TO BUILD NEXT?
• Company was looking to establish a new facility in a
non-us country to improve market share
• Area(s) of interested had significant risks
• Data Science team was asked to measure and
evaluate historical risk data (violence and acts of
terrorism) and evaluate the levels of risk
• DSA used open source data from esteemed
University and internal company locations to
establish risk baselines for each prospect
• Analysis gave leaders a unique lens on where to
establish the new facility

HEAT MAP
• Intelligence products have historically
been high level static reports that
provide general threats and risks in
certain countries and/or regions
• Good place to start, but misleading –
entire countries and/or regions do not
have the same risks/threats throughout
• Requires a significant amount of text to
explain the details risks/threats for each
country
• Does not relate risks and threats back to
the businesses and networks in scope
• Does not provide the level of detail
needed in order to make well-informed
business decisions
• Strictly a data visualization – NOT
providing strategic information

SCATTER ANALYSIS
• Level of granularity significantly
increased and begins to show a
truer distribution of risks/threats
• We now start to see that not all
areas of countries and/or regions
have the same level and/or types
of risks/threats
• We still do not see how the
risks/threats relate to our
business/network
• Scatters with this many nodes are
very noisy and do not provide
clear enough information to make
well informed business decisions
• Strictly a data visualization – NOT
providing strategic information

BLENDED SCATTER ANALYSIS
• New start getting a sense of the
risks/threats as they relate to our
specific network when we overlay
the nodes of our network over the
historical threat events
• This visualization still requires a
significant amount of analysis to
interpret the data and draw out
specific that will allow us to make
well informed business decisions
• Strictly a data visualization – NOT
providing strategic information

BASIC INTEL PACKAGE
• Intel packages should not just visualize
data, they should provide information
• This intel package tells us how many
incidents there were within range (100
miles) of our facilities – the range is
determined by whatever your org’s
comfort zone is
• It also tells us what types of attacks and
what the targets were of those attacks
within range of our network and its
individual nodes
• We also get a historical 5 year trend
• Package still requires further analysis
• What are the trends by site?
• What are the distances of incidents from
our facilities? Are they more than 50 miles
or are they within 5 miles?

ADVANCED INTEL PACKAGE
• We now see which facilities have
risks/threats within varying ranges
• We also see the risk/threat types and
the target types within each range
for each facility
• We are able to start making better
informed business decisions from an
intel package like this, but it is
historically focused
• We do not know what is projected for
the future

FORECASTING RISK
• Done through the development of
algorithms / forecasting models
• Determines whether we project risks
to increase or decrease in the
coming days/weeks/months/years
• Allows us to pinpoint the specific
risk/threat areas which we need to
mitigate against or avoid
• Allows for better allocation of
resources to properly address areas
of concern

COMPLETE AND VALUE-ADDED INTEL PACKAGE
FORECASTING
MODELS
ADVANCED ANALYSIS
BLENDEDSCATTER
ANALYSIS

DATASCIENCE
TECHNOLOGYECOSYSTEM
SOURCE:http://mattturck.com/wp-content/uploads/2017/05/Matt-Turck-FirstMark-2017-Big-Data-Landscape.pngz

Questions?
“If you torture the data long enough, it will confess.”
- Ronal Coase -