Building and maintaining complex distributed systems
June 19–20, 2017: Training
June 20–22, 2017: Tutorials & Conference
San Jose, CA

Ground truth in cyberspace: How to launch effective defenses built out of AI

Allison Miller (Google)
11:25am–12:05pm Thursday, June 22, 2017
Security, Systems Engineering
Location: LL21 E/F
Level: Intermediate
Average rating: ****.
(4.50, 2 ratings)

Who is this presentation for?

  • System analysts, architects, product managers, security analysts, and security engineers

Prerequisite knowledge

  • The ability to map out a use case or user flow
  • A basic understanding of statistics

What you'll learn

  • Understand how and where ML/AI might be useful to introduce into system design
  • Learn how to architect and build a decisioning system and where to look for training data
  • Understand the gotchas to consider when deploying prediction tech and tips on language/concepts for explaining how and why ML/AI works to stakeholders


Security has evolved from a relatively simple model—define system boundaries and isolate internal networks away from the outside world (perimeter based)—into a more complicated modern form that must enable interconnected devices and systems and support ever more dynamic behaviors and data flows, both internally and across independent environments, in real time and at scale. It is not a coincidence that cybersecurity has shifted emphasis away from being a pure “IT” concern, where proposed solutions typically involve adding more tools and more layers of security technology, to a more complex constellation of business and system design concerns that require security professionals to leverage more data, bring more human insights into the control suite, and drive security requirements deep into underlying architecture.

Allison Miller shares ML- and AI-based strategies for defending platforms and enterprises from security threats and explains where they fit into the picture to get the most bang the buck. Allison begins with a discussion of how ML and AI work (at a high level), and where they are already being used successfully (e.g., marketing and operations). Allison also explains where these techniques and tools have been launched most successful in security and why (fraud, spam, malware detection, etc.).

Allison then drills down into more technical detail about where ML/AI is most effectively employed in the enterprise/platform context. Typically, ML/AI is deployed in automation driven by “decisioning” systems, which can be embedded in customer-facing UX, internal system operations, or data flows. Allison walks you through a model build process to explore the development and deployment process—going into just enough math during the discussion to induce flashbacks to your last brush with statistics.

Allison concludes by reviewing implementation options for these data-driven automation strategies and discussing the real-world costs and benefits of the approach. Allison also outlines some points on “buy versus build” considerations, useful tools, and where to start if you’re faced with bootstrapping a decisioning system from ground zero.

Photo of Allison Miller

Allison Miller


Allison Miller works in product management at Google, mitigating risks to Google and end users. Previously, Allison held technical and leadership roles in security, risk analytics, and payments/commerce at Electronic Arts,, PayPal/eBay, and Visa International. Allison is a proven innovator in the security industry and regularly presents research on risk analytics, cybersecurity, and economics. She is known for her expertise in designing and implementing real-time risk prevention and detection systems running at internet scale.