Moving Big-Data Analysis from a ‘Forensic Sport’ to a ‘Contact Sport’ Using Machine Learning and Thought Diversity


Data characterization, trending, correlation, and sense making are almost always performed after the data is collected. As a result, big-data analysis is an inherently forensic (after-the-fact) process. In order for network defenders to be more effective in the big-data collection, analysis, and intelligence reporting mission space, first-order analysis (initial characterization and correlation) must be a contact sport—that is, must happen at the point and time of contact with the data—on the sensor. This paper will use actionable examples: (1) to advocate for running Machine-Learning (ML) algorithms on the sensor as it will result in more timely, more accurate (fewer false positives), automated, scalable, and usable analyses; (2) discuss why establishing thought-diverse (variety of opinions, perspectives, and positions) analytic teams to perform and produce analysis will not only result in more effective collection, analysis, and sense making, but also increase network defenders’ ability to counter and/or neuter adversaries’ ability to deny, degrade, and destabilize U.S. networks.


Photo of Aaron Ferguson

Information Assurance Directorate National Security Agency

Dr. Aaron J. Ferguson is currently serving as the Deputy Technical Director (TD) of the Fusion, Analysis, and Mitigations (FAM) Deputy Directorate at the NSA. As TD, he is responsible for providing technical leadership to the FAM leadership team, personnel, and missions, including analytics, systems and technology analysis, and operational analysis and mitigations. Dr. Ferguson holds a B.S. in Electrical Engineering from Howard University, an M.S. in Operations Research from the University of New Haven, and an M.A. and Ph.D. in Applied Mathematics and Statistics from the University of Delaware. His personal expertise areas include machine learning, software engineering, systems engineering, and risk assessments.

Photo of Natalie M. Evans

Information Assurance Directorate National Security Agency

Natalie M. Evans Harris is a cybersecurity leader at the NSA, with over 14 years’ experience in the public sector. Currently, she is forward deployed to Capitol Hill as a Brookings Fellow, responsible for Senator Cory Booker’s Cyber and Technology Innovation initiatives. Prior to this deployment, she led a tradecraft development organization responsible for creating big data analytics. During her tenure with NSA, she has been responsible for developing and deploying cyber-defensive solutions to warfighters and coordinating support between the NSA and the Department of Homeland Security. In addition to her work with NSA, Ms. Evans Harris is an adjunct professor for the University of Maryland University College, where she composes and teaches information systems security courses. She holds a Master’s in Public Administration from George Washington University and two Bachelors’ of Science Degrees, Computer Science and Sociology, from the University of Maryland Eastern Shore.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.













Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.


Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
  • 757.871.3949