Give Analysts Exactly What They Want

Posted: 2nd November 2020
By: CAITLIN MATTINGLY

Our guest today is Paul Battista. He is CEO of Polarity, a firm which brings what they refer to as a memory augmentation platform to incident responders and other security professionals.

Paul Battista’s career includes a broad spectrum of experience, from protecting Wall Street financial organizations to briefing top White House officials as an intelligence officer in the CIA. We’ll learn how being stuck inside during a blizzard led to his creating a popular app, and how that experience opened his eyes to the possibilities of augmented reality and, eventually, to the founding of Polarity.

This podcast was produced in partnership with the CyberWire.

For those of you who’d prefer to read, here’s the transcript:

This is Recorded Future, inside threat intelligence for cybersecurity.

Dave Bittner:

Hello everyone, and welcome to episode 182 of the Recorded Future podcast. I'm Dave Bittner from the CyberWire.

Our guest today is Paul Battista. He is CEO of Polarity, a firm which brings what they refer to as a memory augmentation platform to incident responders and other security professionals. Paul Battista’s career includes a broad spectrum of experience, from protecting Wall Street financial organizations to briefing top White House officials as an intelligence officer in the CIA. We’ll learn how being stuck inside during a blizzard led to his creating a popular app, and how that experience opened his eyes to the possibilities of augmented reality and, eventually, to the founding of Polarity.

Paul Battista:

I'm one of those few who actually went to school for information security. I majored in Economic Crime Investigation, but I had a focus in Computer Forensics and Computer Security. There was an inflection point during my schooling where a combination of procrastination and urgency forced me to learn a lot in a very short period of time. I had an assignment that was due and instead of doing my assignment, I decided to install this new operating system that was just released called Gentoo Linux. I did what they call a stage one install, which is basically you're compiling the kernel from almost nothing. It took me about 30 hours. So while I was supposed to be working on a paper, 30 hours later and many, many Red Bulls later, I had a working operating system. And it was really difficult but forced me to learn.

And shortly after I did the exact opposite where I switched to a bootable distro called Knoppix-STD which is one of the precursors to what many folks, probably listeners here are familiar with Kali Linux or BackTrack Linux. And I just came ready to go and I essentially became a script kiddie, but was still learning nonetheless. And it made me take a look at how both difficult and easy it can be to be in this profession. As long as you're learning, you can make big strides really fast in short periods of time.

The next stride that I made was taking the SANS Course 504 with Ed Skoudis and compacted into a week was just so much learning.

Dave Bittner:

Did you get that assignment in that you were craftily putting off?

Paul Battista:

I did. No sleep, but I did get the assignment done.

Dave Bittner:

Okay. All right. Very good. So where did you end up next?

Paul Battista:

I did a couple of internships. I did an internship with the New York State Attorney General's office. And I like to talk about this one because anytime someone comes to me and says, oh we're not making any progress in information security and the field is so stagnant, I remind them that it was less than 20 years ago I was sending letters to large banks encouraging them to use encryption for their online banking. Banks needed to be told years ago that, hey it's probably a good idea to encrypt a username and password. And so that was one of my first actual professional jobs. It was an internship with the New York State Attorney General's office. And then I went on to work for the company Dolphin Technologies. It was out of an Air Force Research Lab in Rome, New York, but they sent me as an ambassador to Connecticut State Police. And I did research in computer forensics techniques and tools, trying to help folks be more efficient.

Dave Bittner:

Eventually that led you to the CIA. Was that a direct path? What was the journey that took you there?

Paul Battista:

Yeah, so I think it's worth talking about the path as there's some bias here, but I definitely recommend this path to anyone getting into information security. After working a bit in the legal space and law enforcement, I went on to do consulting work. I worked for a firm called Protiviti out of New York City. And I was doing mostly penetration testing, doing some incident response, really whatever needed to be done for our customers, for our clients. And that stop was very beneficial in that you get to see how many different enterprises do security and the problems that they face, not just the threats but the actual logistical problems and controls that could slow the business down in that balance. And so you get that grounding.

I highly recommend anyone just getting their start in information security to consider a position in consulting because you don't know what you're going to get thrown at next and that's a good thing because you're again forced to learn. From there I went on to Aetna, now CVS, but it was Aetna at the time. I was a Senior Security Engineer for them. I did a lot of assessments and very similar work to the penetration testing side but more specific to either companies we were acquiring or applications we were considering release before making the jump over to CIA.

Dave Bittner:

So what led you to the CIA then? What was it? Did they woo you or was that something you pursued on your own?

Paul Battista:

It was a combination. I would say mostly I pursued on my own. So a traditional application going in on the website, but what changed or why I'd say a little bit of wooing is where I landed in my first interview was not necessarily where I ended up. So, I interviewed with the traditional Security and Controls team and they were good about saying, "Hey, I don't think you're a fit, but there's this other team that we have here where you probably are a good fit." And so that was nice about moving the talent to where the talent should be. And even when I started there probably a year or more after that with security clearances and whatnot, it was still not the right place. So a large organization like that and still didn't land in the right place but again had a good management team that got me working on problems that motivate and challenge.

Dave Bittner:

So when you say still not the right place, was it just not right for you or were you unhappy there or was it just not the right set of challenges? What was going on there?

Paul Battista:

Yeah, not the right set of challenges. So again as an organization so large, recruiting machines are trying to find good talent and they can't talk about the problems that they're solving because of the classified nature of them. The combination of not being able to talk about it before someone's hired means you might end up on a team that from the title sounds appropriate, but from actual work might be slightly off. But the nice thing to the credit of the CIA is that they figure out where people need to be. And even if it takes ... For me it was pretty much immediately moving to different teams of where I needed to be working. But the nice thing is you can spend an entire career at that organization and do a whole bunch of different roles and jobs and not make it, not have it feel like one job because they're good about moving talent around.

Dave Bittner:

What was the culture shift like for you to go from the private sector into an organization like the CIA, very mission-focused?

Paul Battista:

I'd say perspective changing. So having done security for large enterprises, both as an engineer and as a consultant, you definitely get hung up on the social security numbers and the credit card numbers that could be lost and some of the IP that you're concerned about. And when you end up on a different type of mission of national security and threat to human life, it definitely changes your perspective on what's important and how to prioritize.

Dave Bittner:

And so how long were you with the Agency and what ultimately made you decide to move on?

Paul Battista:

Good question. So I was there about five years and there was an agreement with the wife before taking that position that it would only be two years and we'd be moving back to be closer to family as we started a family of our own. And that two years turned into three, turned into four, turned into five as it was very much a dream job and a combination of Snowmageddon, I would describe it as this time where if you remember the government-

Dave Bittner:

I remember.

Paul Battista:

... was pretty much shut down for a week. And I had the week off. I was not finding my way into the office that week. And I started a video game. I wouldn't say I started a video game company. Let me rephrase that. I wrote a video game on a second gen Android phone and did it in about a week, and had a working prototype. It was pretty darn ugly, but I had a working prototype in about a week. Went back to work when it opened back a week later, I released it and got a taste of that, all right, well, you can be successful building things on your own.

I didn't realize at the time that I was extremely lucky. I didn't make millions off that app. I was selling it for a dollar a piece, but I made thousands and it was someone else doing my marketing for me. So the application was an augmented reality zombie shooter. So you held up your cell phone, zombies would come at you through the phone and you'd have to shoot them before they reached you. And, it was one of those, oh, if you build it, people come and they came. But there was The Walking Dead and there was Zombieland and there was this culture of zombies growing on its own doing my marketing. So that was a taste for, hey, we can build something and be successful.

We did another game after that, but it was not as successful, so we did a failed Kickstarter campaign. Over time interest in that game grew, but we started a services company into what became Polarity. And that was well on its path by the time that other game started to take off. We said we don't have the time to invest in what that truly needs and we focused on Polarity.

Dave Bittner:

So what is it like, can you give us some insights when someone decides to leave an agency like the CIA, are there complications there? Is it a drawn out process? When you're someone who has a clearance, what goes into that?

Paul Battista:

That's a good question. I don't think it's always the same answer. For me, I went on leave before I officially cut ties. So I had a conflict of interest. We were not very focused on government sales out of the gate after leaving. And that meant that on paper I worked there even longer, but in practicality I was on leave. And I think that's my specific path, but I think there is a path to cutting ties quicker or drawing it out. If the next 9/11 had happened, I'm sure I would have been right back in the office to help out any way I could. Thankfully that didn't happen. And so the transition period for me was over years.

Dave Bittner:

You have that entrepreneur bug and you've got some success. What prompted you to make that leap to say, okay, let's build a company, let's build Polarity?

Paul Battista:

It was the aha moment of looking at an incident response process and seeing, to talk right through it, seeing the total number of indicators and assets involved just grow and grow over time to the point where, we weren’t savants doing the investigation, so we didn't have everything memorized. So what we did was we put it on a whiteboard. The whiteboard eventually filled up and we said, all right, we're on a whiteboard now, what do we do? We took a picture with our cell phone. We filled up another whiteboard and on the second picture, there was that aha moment of, okay, there's got to be a better way here. And in order for us to truly be thorough as we're doing this investigation, we need to know everything on that whiteboard.

We need to know all the host names, all assets, all the command and controls that the adversary is using. And if we don't, we're not doing our job appropriately. So that, well, the little bias in augmented reality and computer vision from the past video game came into, hey, well, what if the second I had an IP or a host name or you name it string on my screen that I wanted to remember if it could be highlighted or if I could basically automatically be told that it's part of this or it's new? So that moment gave us the idea of Polarity and I spent some time building a prototype and convinced some folks to jump in and follow and join me on the mission. So I brought on two co-founders and we started, essentially became a new company, not that services precursor. So Ed Dorsey and Joseph Rivela joined me as co-founders. And we've been growing this since and again convincing other people to follow us and join the team and build what Polarity is today.

Dave Bittner:

Yeah. It's fascinating to me how many companies, how their origin story includes the founders being frustrated that a certain tool or functionality or something that they wish they had just simply doesn't exist. And they say, well, if I need this, then maybe lots of other people do too.

Paul Battista:

Yeah. I think that makes it real. The start-up path is definitely not easy and requires a lot of work. So if you don't feel the pain that your customers are going to feel, it's going to be hard to stay motivated through all of it. The first couple of years for us was landing a couple early customers and really taking what was a prototype in an idea and building and doing the grunt work of the algorithms that needed to be built to make this practical. So what we're doing requires high, high optimization. So we needed to recruit people on the team that were former high frequency trader developers. We brought on someone on the computer vision side who, prior to Polarity, was in Antarctica tracking marine life as it swam underneath ice shelves and identifying that with computer vision. So the road to getting the talent that's necessary to build what becomes the true company in the end is arduous. So if you don't feel that pain yourself, it can be, I would imagine, even more difficult.

Dave Bittner:

Just so we're all clear here. What is the pitch? What's your elevator pitch on Polarity?

Paul Battista:

For us, it's around thoroughness and speed. So we've recognized and this goes back to our time in CIA as well and in penetration testing when we were consultants. You have the two prototypical analysts. You have the analyst who is really thorough, dives down every rabbit hole, looks and finds for every path that's possible, but they take a long time to get it done. This is the person that would go back to that whiteboard and check every single time something new comes in. They're checking every single one to make sure they're doing an extra thorough job. And then you have the other analysts. This is probably where I fell. You have the other analyst who operates on gut instinct a lot, is not a 100 percent thorough, but gets the job done much quicker, but it's not because-

Dave Bittner:

He's too busy installing Linux, right?

Paul Battista:

Yeah. He's installing Linux when he should be working on his assignment. So you have that analyst. And so for us, we said, well, how can we take the qualities of that first analyst and instead of making their thoroughness 90 percent or 99 percent, let's make them 100 percent thorough on the data they care about and speed them up while we do it. So instead of that decision usually costing time, let's give them a productivity boost.

So if we can make someone more thorough and faster at the same time that's extremely valuable to an industry in information security where we're understaffed, it's hard to find talent. The type of data we deal with was meant for machines to know and recognize things like file hashes and IP addresses. They're more machine-readable than they are human-readable. So let's really enable those folks.

Dave Bittner:

Are there any lessons that you've learned along the way as the product has been put in front of users based on their feedback? Have you had any aha moments like oh people are using this in perhaps ways we hadn't expected or we need to make some adjustments here to maximize the value they get out of this?

Paul Battista:

Yeah. Lots of aha moments along the way, both aha moments from we didn't think folks would use it that way and the use cases come out or the success stories come out. So I always love hearing customer success stories where we surprised them and they didn't expect Polarity was going to highlight something. It highlighted something and it changed their belief on that thing. Whether that's kicking off a new investigation or the way they handle an investigation to handle it slightly different. And then, yeah, learning from what enables an analyst perspective.

So one of the things that we haven't crossed the line or we have tested crossing the line, but learned to really hold the line was not being too much of a suggestion engine. So you can guess at what analysts want, but we found that the better path is to let analysts subscribe to the exact data they care about and give them exactly what they want. And don't try to be more on the AI suggestion side of things, because you could end up being a distraction, even if you're right and give them great information, 80 percent of the time or 90 percent of the time that 10 percent is still a distraction and is going to slow them down. So let the analysts choose the data they care about and then give them exactly that data when they need it.

Dave Bittner:

What advice do you have for people who are starting out, thinking about getting into this industry? You've had a really broad spectrum of experience, so any words of wisdom?

Paul Battista:

Information security now is one that has many aspects from threat hunting, threat intelligence through SOC and pen testing and exploit development. There's a lot of different places to go all the way through policy and vendor management. I would say there's enough topics that you should pick the one you're passionate about and dive into that one first rather than try to be broad. So specialize. Find an area to specialize in. That's probably some start-up advice mixed in there. Brand yourself.

And as I mentioned, consulting is a great place to start your career because you're going to see in a short period of time a lot of different environments and different ways that customers do work. You'll also have some talent nearby to learn from. So I would definitely recommend starting your career in consulting. I am biased because that's where I did it, but I think it worked out well and I'd recommend it. And of course, if you have the itch to do some government service, please give back to your country.

Dave Bittner:

Our thanks to Paul Battista from Polarity for joining us.

Don't forget to sign up for the Recorded Future Cyber Daily email, where every day you'll receive the top results for trending technical indicators that are crossing the web, cyber news, targeted industries, threat actors, exploited vulnerabilities, malware, suspicious IP addresses, and much more. You can find that at recordedfuture.com/intel.

We hope you've enjoyed the show and that you'll subscribe and help spread the word among your colleagues and online. The Recorded Future podcast production team includes Coordinating Producer Caitlin Mattingly. The show is produced by the CyberWire, with Executive Editor Peter Kilpe, and I'm Dave Bittner.

Thanks for listening.
