Head of Security Analytics Eduardo Bárbaro 

Having studied and worked in the academic world for ten years, Eduardo felt it was time for a change. He’d done his PhD in Atmospheric Physics at Wageningen University and Research in the Netherlands, which he says provided him with “ingenuity, curiosity and grit. But I didn’t know anything about how businesses work.” Time to break out of the bubble and do something different.

Forerunner role in cyber security

Following various other roles, including at a start-up and in consultancy, Eduardo is now Head of Security Analytics at ING, where his taste for innovation – combined with his knowledge of data, mathematics, modelling and research methods – found fertile ground. “Additionally, ING’s forerunner role in applying analytics in cyber security was – and still is – very appealing to me,” states Eduardo.

Phenomenal team

“Artificial intelligence, applied statistics, and advanced data analytics are all used to detect and prevent cyber security attacks. I find it immensely interesting to work with all these advanced tools to contribute to keeping the bank safe for customers and society. My phenomenal team and our colleagues in different tech hubs in Europe make my work even more enjoyable.”

Improved anomaly detection method

A great team was also set up around the research case Eduardo spoke about at the Black Hat Europe conference. He collaborated with an MSc student and two researchers from TU Delft to develop VoBERT, an improvement on BERT (Bidirectional Encoder Representations from Transformers) models. VoBERT is an anomaly detection method like BERT, with the additional ability to better recognise “not-identical” but “similar” logs. Therefore, it can accurately classify unstable logs that traditional BERT-like models would deem out-of-vocabulary.

Find the ‘weird’ among the normal

Eduardo clarifies: “A very good way to do security detection is to look at anomalies. You want to find the ‘weird’ among the normal stuff. We found a smart way to do so and broke the typical rigid approach to detection that assumes ‘every anomaly is bad’. Whereas BERTs would indicate, ‘We expect X here, but we see Y; it deviates, so therefore, it’s bad’, VoBERT knows that, albeit different, X and Y mean the same thing. VoBERT understands that ‘different doesn’t necessarily mean malicious.’ That refreshing approach is quite unique in our field.”

Industry meets academia

Eduardo really enjoyed sharing the team’s findings at Black Hat Europe. “In cyber security, one of the most important things is to share best practices. We are all in this together and share the same goal: keeping society safe and secure. So, I hope the attendees will benefit from the knowledge and insights we got from our case and that they will see how valuable it is when industry and academia work closely together. Research brings thorough methods, and industry provides real-world data. It’s the meeting of two great worlds.”