Executive Spotlight: Rebecca Garcia, SAS Federal Director on Big Data Analytics and Combating the Insider Threat

rebecca garciaRebecca Garcia serves as SAS Federal‘s director of the National Security Group where she is responsible for delivering analytic solutions to intelligence and law enforcement communities.

Prior to her current role she served both communities as director of business development for Boeing, where she helped develop the company’s cyber business plan.

She has also worked in various leadership roles at Northrop Grumman, KPMG and L-3 Communications.

Garcia sat down with ExecutiveBiz and discussed the details of big data and how SAS differentiates itself in the competitive market, her work with insider threats and how SAS filters out the “noise” in social media analytics.

ExecutiveBiz:  Can you describe your role as director of sales and some of the work you do?

Rebecca Garcia:  I’m responsible for the National Security Group, which at SAS is our Intelligence customer base.  Those are the three letter agencies, plus FBI, DEA and portions of Treasury, State, and DHS components that support the Intelligence Community.  There are two other directors of sales within SAS Federal and Karen Terrell is vice president, responsible for all of SAS Federal.

SAS has become very focused on the community that I support over the last five years and has recognized the criticality of applying advanced analytics to the Intelligence Community.  One of the really exciting parts of my job is that the technology that we’re able to provide to the commercial accounts that we support is so applicable to our space.

In her prior role as Assistant Deputy Director of Acquisition, Technology and Facilities at ODNI, Dawn Meyerriecks stated openly that this is the decade of analytics.  For us, analytics is so much more than search.  We apply the same type of analytics that allows three out of four the major credit card companies to make decisions on credit cards.  For example, when you swipe your credit card to make a purchase, within seconds or microseconds, the analytics that SAS provides helps that credit card company make a decision about whether they’re going to accept or decline a purchase.

When you apply those same sorts of analytics to other challenges, they can help assess insider threats, counterintelligence, counterterrorism and terrorist financing.  Or for those customers like the FBI who are responsible for fraud, those analytics also help with fraud, just like we assess credit card fraud.  And that’s just a tiny bit of what we do.  We also look at Social Media Analytics and the kind of threat that can be uncovered through this amazing open source intelligence data.

The data that is on social media has exploded over the last decade, beyond what I believe anybody ever could have imagined.  And so we can look at the sentiment of over 30 different languages, such as English, Spanish, Arabic, Farsi, and Chinese, and we analyze them natively, not after a translation to English.  We look at the types of topics people are talking about ‑‑ and this is not just live Twitter feeds:  this is blogs and Facebook and other open sources.  We can provide an assessment of sentiment that helps our customers understand if someone is angry about the United States, if their anger seems to be increasing over time, and whether this person could suddenly become a threat.  I hope this is something, potentially, that the FBI could use in the future, when they look at a challenge like what occurred in Boston.

Of course, there are legal policies that have to be addressed.  There are always the issues about personal privacy and how individual organizations look at that kind of media.  If a customer has the legal right to go out and assess that data for specific uses, we’re there to support them in that use.

 

ExecutiveBiz:  So you mentioned analytics offerings that are used in both the public and private sectors. How much of your business is public and how much is private? What products would you like to talk about today?

Rebecca Garcia: SAS is the largest privately‑owned software company in the world.  The government sector, including federal, state and local, is our second‑largest industry.  The largest is financial services.

What we see with our customers is that they have several key challenges.  One of them is Big Data.  We define big data as more data than an organization can effectively analyze, whether due to storage limitations, processing power or analytic capabilities.  So to one customer, that could be a much smaller amount of data than another customer.  It’s all relative.  But it’s more than an analyst or more than an organization can handle without technology and analytics to assist.

The customers I support deal with petabytes and terabytes of data.  We have solutions that help with that challenge. We assess how a customer visualizes data and what value visualizing the data can provide to the analyst, how visualizing massive amounts of data can provide insights that were never previously available.

One of the other issues we consistently see across every customer, whether commercial, state and local, federal, or international customers, is data quality.  Does their data need to be cleansed?  Are there misspellings?  Are there inaccuracies between different data sources?  I’ll give you an example.  We had a customer who was looking at the power space and cooling of several of their facilities. They were trying to ascertain when they would hit the maximum capacity of different facilities.  We looked at a small set of data.  It was one database and there were two different tables on the same database.  The two different tables used different naming conventions for the buildings.

Let’s say they had building A and building B.  Well, it looked like, instead of having two buildings, they had four buildings in the area that they were considering.  How is that possible?  Well, on one data source, building A was represented as “Bldg a”; whereas, in another table, it was “Building A”.  That data conversion wasn’t managed and so it looked like those were two different buildings.

When the analyst pulled it up, because it was such a small data set, it was obvious to see that the data showed twice as many buildings.  That’s a very obvious difference since they knew the number of buildings they have.  If you consider the massive amounts of data, not just from different tables on the same database, but the significant number of databases or mainframes or other data sources across an enterprise, those kinds of differences can pile up quickly and be very difficult to see.

Therefore, if you’re not using information management or a master data management solution, the decisions that you make based on the data that you see may seem appropriate, but since the data is giving you an inaccurate perspective of your enterprise, your decisions risk being flawed. In the best case, that would have a neutral effect.  In the worst case, that could have significant negative repercussions, especially if you’re talking about a terrorist threat.

Being able to apply that kind of data cleansing and data management across a single organization or across an enterprise can have a significant positive impact on the ability to make decisions and the speed of decisions.  And speed of decision, when you’re talking about terrorist threats, can be the difference between life and death.

When we talk about Big Data, an important question is: how do you visualize the data?   What does big data look like?  Where are there clusters of data?  Where does the data overlap?  Where are the anomalies?  Where does that data show up on a map? For instance, if you have data centers all over the country or all over the world, how big are they?  What are the consistent problems?  What if you’re looking at data that’s structured and unstructured?  For data centers, maybe you have reports coming in about users, where there are outages, or they’re having challenges, or they’re put in their report tickets.  You want to compare those report tickets, which are primarily in text, across all of your data centers and the entire enterprise.

You want to see, consistently, what are the biggest problems you have across your enterprise, or within one data center?  Are there training issues you need to address across your enterprise or is there just one data center that’s having that challenge?  What kind of issues are you having?  What information might you glean?  How can you visualize those data centers with the greatest problems?

Maybe you find value in visualizing each data center as a circle on a map, and the larger the circle, the greater the problems, or you may have certain metrics that are assigned to those data centers.  You can have color‑coded circles.  Maybe they’re red that indicates something bad; maybe they’re blue or green if they’re good.  All of those attributes can be altered by the customer, according to how they want to visualize that data and what makes sense to them.  This type of visualization is not new.  What is new is being able to aggregate this massive amount of data and glean insights from the visualization of all the data, not just a subset of the data.

The data problem is different depending on how you manage and understand your enterprise. The intent is to gain significantly more insights.  Customers want to be able to use commodity hardware and be able to make changes in the way they look at the data in under ten seconds, not put in a request to the IT organization, and two weeks later have the required information.  Instead of a lengthy process, they can do it in seconds.  And IT is free to focus on more strategic initiatives.

The decision‑making capability is driven down to the lowest organizational level to the individual that the leadership is comfortable driving it, and this allows senior executives to have insight into their entire organization.  If they want to drill down in the data, they can do that.  If they just want to change a report, because they want to see the data in a different fashion, again, they don’t have to call IT.  They can do it themselves.

 

ExecutiveBiz:  I know a lot of your customers are in the intelligence community.  Are there any examples of your offerings that you could give that are making a difference in a certain intelligence situation or otherwise in government, not specifically the intelligence community? 

Rebecca Garcia:  We do have customers that are applying information management to their data.  This can be extremely helpful for customers with sparse data.  So they’ll receive information through many different sources, but it’s little pieces of disparate information.  So how do we get from there to the point where information indicates this person is going to do this really bad thing that can negatively affect either American forces or American civilians.  And, it’s going to happen on this day and this time and this is exactly how they’re going to do it, and this is all the people involved?

For law enforcement and the federal government, that just doesn’t happen – having everything they need in one place making it easy to understand the threat.  So what they typically get are little pieces of information to build a case and an analyst or law enforcement professional has to put that together and understand the threat.  Because the data is so sparse, making those connections can be extremely difficult.

So being able to look at all the data in one place, being able to clean the data is critical.  One good example would be the spelling of names or the misspelling of names.  I’m not a very good typist, so I understand this all too well. Like me, I am sure there are law enforcement folks who are not the best typists.  Add in the urgent nature and importance of their profession, and misspellings occur.  There are lots of different ways to spell names.  There are misinterpretations of different languages.  Being able to apply information management to improve the quality of that data, then visualize it effectively, can provide insights that just were not available without those tools.

We also have customers using social media analytics in various languages to understand threats.  It is a source of information that is highly useful.  One of the big challenges that I see with social media analytics is there are a lot of vendors out there that only apply their analytics to live Tweets, which is useful, and I would say, wildly insufficient..

Our customers suffer from a signal‑to‑noise ratio issue particularly in dealing with social media. What I mean by that is they get lots of data back that is not very useful.  They may be doing a search where you could get information back that is appropriate for the search and has nothing to do with the subject that you really care about.

And the way that we work with analysts to build our taxonomies means we can filter out what we would call “noise,” the information that is absolutely irrelevant, so that analyst can look at the information that is most pertinent to what they care about.  And instead of always searching for the nuggets of data, they get information that is directly applicable to the problem set that they need to address.  So again, that’s about having the right information as rapidly as possible, so that the analysts and the law enforcement folks can assess what is most critical or most threatening or most relevant, and they have faster time to decisions.  Ultimately this is about faster time to mission.

 

ExecutiveBiz:  How are you setting up your part of the company for future growth even with the questionable budget situation?

Rebecca Garcia:  I love this question, which may be surprising.  I’m not saying this is a SAS perspective, but my own personal perspective is that, as the budgets are being cut, one of the things that customers do is that they’re forced to reduce the number of contractor staff supporting their mission.  Because the most experienced individuals are often, traditionally, the most expensive, those are often the first folks to go.  So the outcome of that is you end up with the least experienced individuals left on the contract often very skilled individuals, without many years of experience..  While that’s understandable, that can create risk on programs.  And when a government agency is not able to put more people on a contract to address their problems, in my opinion, they need to turn to analytics.  Their data is only growing bigger as, unfortunately for them, their staff gets smaller.

If you don’t use analytics, there is an enormous risk to the mission and to American citizens.  One of the great things that SAS is doing is that our founder and CEO, Jim Goodnight, believes in this mission and is investing and allowing us to grow in this area because of his belief in our ability to provide critical solutions to this customer base.  There are a lot of companies that are having to lay off employees due to the decrease in their contracts, but we’re growing our work force, and we’re finding new ways to apply solutions to customer problems.

 

ExecutiveBiz:  Are there any topics having to do with your company that you’d like to talk more about?

Rebecca Garcia:  I’m excited about our work to combat insider threats.  Some people refer to this as counterintelligence or an insider security threat. 

We use a hybrid approach, different from any other vendor to assess the biggest threats to a customer.  With many other vendors, you need to have a name, phone number, address or some specific piece of information on which to do a search.  For SAS, that’s not necessary.   

We worked on this solution with the Director of National Intelligence, applying it in a C3E challenge. Staff of the DNI created a challenge where there was a  threat and those who participated in the challenge had to find the one person who was the threat.  The challenge did not provide this person’s name, a complete phone number, or a specific address.  There was simply a lot of information including a partial phone number, a specific date, an area near where this person spent the night, credit card receipts, and other extraneous information that made the challenge even more difficult.  SAS was able to determine the name of threat, that the phone number was his wife’s cell phone and we used a repeatable solution to do so.  Whether it’s counterterrorism, insider threat, terrorist financing,  or fraud, you set up a scenario with certain rules and behaviors you expect to see.

You bring in all the data, be it financial, text, structured or unstructured, and you run it through all the analytics.  One of the last things you actually get ‑‑ not one of the first things, me is this really nice visualization of networks of entities.  The first thing the analyst or investigator receives is a prioritized list of possible threats.

As with credit card fraud, the system generates a score, so that the investigator or the analyst can start with the biggest threat and not have to spend time on the thing that’s five percent likely to be an issue.  They can focus their time on the biggest threat to that organization.  They can drill down into that information and pull up the associated data to ensure they understand why the analytics provided a specific score and they can drill down into a social network analysis diagram.

Some people refer to that as link analysis.  This is something that’s automatically generated by the software.  It’s not something that the analyst or investigator has to build themself.  And it’s based on the data.  We can build that diagram, if there are partial phone numbers, or if there’s not a clear address.  The C3E problem was really talking about someone who was a threat.  The challenge provided very incomplete data, just like our customers deal with every day.  That’s all the information they have.  And, ultimately, in this C3E challenge, it turned out that there was a man who used his wife’s telephone number and we were able to ascertain that specific person was the actual threat. We are focused on helping our customers do the same thing, find the threat.

One of the great things about the solution is that it’s repeatable.  Academia provides some amazing solutions to our customer set.  Sometimes, the challenge of that is having a repeatable solution.  There may be an algorithm that is used that is a single‑use algorithm for a very specific use case, whereas we provide a COTS solution that is repeatable.  Our security intelligence provides lots of different algorithms and rules, and based on the data that we’re provided, we select the best analytics for that particular scenario, and if there’s a different scenario, then a different set of rules and algorithms may be chosen.

And then, it’s up to the analyst or the law enforcement personnel to decide whether or not they believe that data, because they can drill in and look at all of it, and so they decide if they want to open a case, do further investigation or make this particular threat known to their leadership.

 

ExecutiveBiz:  You worked at big firms like Boeing and Northrop Grumman.  How did that help you in your permanent role as an executive.

Rebecca Garcia:  The organizations I managed at those companies were much larger, so it gave me insights into what I need to put in place as we grow the organization, which I think is incredibly helpful.  It also provided me a broader view of  customer problems.  I’ve directly supported every customer that that is currently under my purview.

I find that the insight into those mission problems is really helpful to understand what kind of solutions should be applied.  It’s so much easier to be passionate about a problem when I have direct insight into their challenges.  I also find that, for so many of the publicly‑owned companies, our system integrator partners, while it’s critical that they solve the customer problem, they also have another customer, and that is their shareholders.  There’s a healthy tension between the commitment to the mission’s needs and the needs of the shareholders.

Because you can’t continue to increase staffing people to address a challenge when there are significant budget cuts, we’re able to provide customers with a way to have significant impact on a problem without massive investment.  We can help integrators bring enormous value to their customers in a time when budgets are shrinking.  And being able to understand how the customer looks at that problem and work with  system integrators on the challenges and speak in a way that resonates with customers is really exciting.

 

ExecutiveBiz:  So what are you most excited about, moving forward at SAS?

Rebecca Garcia: SAS has truly advanced analytics ‑- so far beyond search — that can look at structured and unstructured data and that really address hard problems today.  With the customers I support, I cannot imagine being at a better place.  And it’s so amazing working for a company like SAS.  I am in a culture where people matter.  You’re not just a number.  The people here make this such an extraordinary team environment.

We focus on answering how can we help our customer, how can we work together, how can we support each other in an amazing and compassionate way, with everyone’s eye on doing the right thing for the right reasons.  It’s not just about the bottom line.  Clearly, we have to be profitable, or we won’t continue as a company.  It really is the customer first, and the employee always.  And that’s rare today.

email
Filed in: Executive Spotlight, General, News Tags: , , , , , ,

You might like:

Northrop to Provide Engineering Support for Navy Combat System Upgrade; Mike Barrett Comments Northrop to Provide Engineering Support for Navy Combat System Upgrade; Mike Barrett Comments
Schafer to Help DARPA Facilitate Computing R&D Projects; Wesley Blankinship Comments Schafer to Help DARPA Facilitate Computing R&D Projects; Wesley Blankinship Comments
L-3 to Host Cloud-Based Cyber Training, Certification Program; Les Rose Comments L-3 to Host Cloud-Based Cyber Training, Certification Program; Les Rose Comments
Northrop Kicks Off Baltimore Space Assembly, Test Facility Construction Northrop Kicks Off Baltimore Space Assembly, Test Facility Construction

2 Responses to "Executive Spotlight: Rebecca Garcia, SAS Federal Director on Big Data Analytics and Combating the Insider Threat"

Leave a Reply

Submit Comment

© 2014 ExecutiveBiz. All rights reserved.