Data science is an increasingly popular field of study that’s relevant to every industry. When Maria Puertas Calvo was a student, she never imagined that one day she would pioneer data science techniques to detect security threats. She started her Microsoft career on the Safety Platform team, developing algorithms to identify Microsoft reports that send spam emails. She then worked on machine learning to detect account compromise in real-time for Microsoft accounts.

Maria now leads the data science team for security in the identity divide, “workin on” several difficulties: protecting consumers from account compromise, protecting our own infrastructure from fraud and abuse, and making sure that spammers and bots don’t create accounts that will harm people or other organizations. Her operate has been so critical that her team is doubling in size, expanding from Redmond to Dublin and Atlanta.

In honor of Women’s History Month, Alex Simons, Corporate Vice President of Identity Program Management, sat down with Maria to learn more about her groundbreaking study and inspiring tale. The interview has been edited for clarity and length.

Maria Puertas Calvo leaning against a wall next to an open window.

Alex: Maria, how did you get into engineering?

Maria: I am originally from Madrid, Spain. I was always interested in math and science. Since I was little, I was always the straight-A student–really in love with numbers. When I started studying physics in high school, I knew that I wanted to have a career in science, doing something innovative.

In Spain, you don’t really leave for college. You go to class during the day, and then you go back to your parents’ home at night. A really good university was only 10 minutes away from my house. It wasn’t really engineering-focused, but it did have one technical school that offered electrical engineering and computer science.

Alex: What prompted you to construct the transition from pure electrical engineering into something more forensics-focused and then eventually data science-focused?

Maria: It was all pretty accidental , not something I had planned. I did really well in college–I was first in my class. And I finished in 2010, in the middle of the Great Recession, which hit the Spanish labor market horribly. At that time, the unemployment rate was 25 percentage. The lucky ones, like people in engineering, were getting chore offers. But when you’re in technology, the only options in Spain are to work for a consulting corporation or to do support or marketings. There weren’t any entry-level jobs in research and development.

So, I started a master’s with a group doing research on biometrics. The master’s was also in computer science and very related to artificial intelligence and a lot of interconnected realms like multimedia signal processing, computer vision, and natural language processing. I did my thesis on statistics around forensic fingerprints, and the likelihood of a random match between a latent fingerprint found at a crime scene and a random person that could have been erroneously convicted of that crime.

Alex: So what is the likelihood of that happening?

Maria: It’s really, actually low. But it’s not zero.

Alex: Okay, that’s totally fascinating! I recall that you actually did your graduate work here in the United States, right?

Maria: When I finished my master’s, I was dating my now-husband, who is American. And I did not want to finish the whole PhD. I wanted to go work in the industry because I had been a student for seven years already, plus the rest of my life before that. I also wanted to start a life, and not do long distance between Madrid and Washington, D.C. So, I took advantage of my scholarship to become a visiting researcher at the University of Maryland working on iris recognition biometrics. I ended up staying about nine months.

Alex: Oh, wow. My father actually got his PhD from the University of Maryland–I was born there. Small world! So then, tell us how you objective up at Microsoft.

Maria: I didn’t find academia very rewarding. So, I said, “Let’s go find an industry job.” I was living in the U.S. with my fiance on a student visa. And in the D.C. field, most engineering corporations are government contractors that require security clearances, which simply American citizens are able to obtain. I likewise didn’t have any industry experience whatsoever.

I spent a couple months applying for jobs and never getting called back. Then out of the blue, I got a LinkedIn message from a Microsoft recruiter saying,” Hey, I has played a role for a data scientist on the Safety Platform team in Seattle.” And I was like, “Seattle, no, no way.” All I known about Seattle is that it rains a lot, and it’s on the other side of the country. And it’s so far away from Spain. But my husband said,” Hey, you got an interview, go do it, see how it goes, you’ll get to practice .”

Alex: In the Safety Platform team, you did innovative work that has been the underpinnings of the success we’ve had so far. Tell us a little more.

Maria: I worked on machine learning to detect compromises in real-time for Microsoft accounts. When a user signed into their account or Xbox account, or any service Microsoft offers, we would run a machine learning( ML) simulate is required to determine whether that sign-in was legitimate, or if some hacker had get the user’s password. I was the data scientist working on training the model and improving its accuracy. Although I stopped working on it a while ago, we’re still monitoring it and it’s still working really well.

Alex: At the time , nobody else in the industry was succeeding at this kind of work. Today, there’s a whole industry around user entity behavioral analytics, but you were one of the first in the world to do it! I desire the run your squad does, Maria. I feel like you are superheroes protecting the world countries, but I don’t know that our patrons have a great view into the kind of magic you do.

Maria: Thanks, Alex. We use analytics and machine learning to detect bad activity in the identity ecosystem. Our goal is to protect our patrons from fraud and account compromise use advanced AI techniques and data science. We come up with ways to detect malicious attempts, hoax, or report compromises among all the security data that we are reviewing at Microsoft, which is hundreds of terabytes every day. It’s a complicated trouble, but it’s really cool.

Alex: Some of your most innovative work recently was around password spray detection. Can you tell us how having data from multiple patrons enables you to detect things maybe no one else could?

Maria: In a password spraying onslaught, a person grabs a list of mailing address that they find or accumulate from a violate. And then they try a few common passwords against all those email addresses–against thousands of users from thousands of organizations.

We knew these attacks were happening to our clients, but we wanted to detect them actually accurately. These attempts are spread across tons of different IP address and country level proxies, so it’s not easy to isolate the sign-ins that are part of an actual assault. We made a detection rule that says, “Okay, we’re ensure IP addresses that have a lot of failed sign-ins that all are using the same password.” And then we determine these strives move to a different password.

Doing that, we can isolate a possible attack, but there’s also a lot of interference. So, one of the awesome data scientists in my team, Sergio, added a layer of artificial intelligence and trained a model with known onslaughts. He improved the accuracy of the initial heuristic by 50 percent.

Alex: This is such an important key decide of capabilities for us. I’m really excited we’re developing your squad. Switching gears, one other thing that you and I share in common is the joy of being the mother of twins. My twins are obviously a lot older than yours, but tell us how you manage the challenge of, “Hey, I want to be a family person and I likewise want to be a real leader in the industry.”

Maria: I’m still figuring it out! It’s definitely a lot of work and you have to learn to better manage your time in order to be successful at both chores. Luckily, Microsoft offers great parental leave that both my husband and I could enjoy( he’s an technologist in Azure ). I have an amazing squad and they kept things operating truly smoothly in my absence. Likewise, running remotely because of the pandemic has made things easier for me. I can check on my kids in between meetings, and not having a commute gives me more time to be with my family.

Alex: The pandemic must surely accelerated the move to remote work. As a mother, I think it’s a beautiful thing to be able to manage your time and not have to worry about your location.

So, Maria, one last question. Let’s say I’m a university student, or perhaps I’m working on my master’s or PhD in data science and AI. If I wanted to come work on your team, what would you suggest I work on or think about to prepare for that kind of job?

Maria: One good approach is to find an internship that has some connection between doing data science and security and fraud, even if it’s just loosely related. Right now, there are so many people studying data science and machine learning, so specializing and truly understanding the world of the cloud and cybersecurity is important. There are tons of available resources just to learn about it, such as specific courses in cybersecurity. An internship doesn’t have to be specific to hardcore security–it could be fraud, like finance scam. Anything in an adversarial-type world where you’re trying to catch bad things happening would be useful. Internships are easier to get without any kind of specialization but having done an internship gives you a foot in the door for a full-time position that specializes in cybersecurity. In addition, Microsoft Security patrons many cybersecurity educational programs and I would encourage women in high school to investigate these.

Learn more

To learn more about Microsoft Security answers visit our website . Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

Security Unlocked podcast icon displaying illustration of lock with microphone inside

Listen to the Security Unlocked podcast

To learn more about applying data science to cybersecurity, listen to Maria’s guest appearance on the episode Identity Threats, Tokens, and Tacos.

Listen now

The post How one data scientist is pioneering techniques to detect security threats seemed first on Microsoft Security .

Read more: