In the past year, I found myself immersed in the multi-billion dollar digital advertising industry. This gave me the opportunity to investigate the unique security challenges and issues facing the industry. It was a shock to me at first how complex the advertising ecosystem was particularly in the advent of programmatic advertising. But I dove in head first and learned a lot which I would like to share with my fellow security professionals. During this time, I got involved with unscrupulous publishers, apathetic ad networks, angry advertisers and activist malware researchers. I encountered self proclaimed experts with fantastic claims, vendors using scare tactics, and a glaring disconnect between the security and ad tech worlds.
In this presentation, I would like to be able to provide the audience with my experience plus a number of things. Among which are:
Mark Ryan Talabis is the Chief Security Scientist for zVelo Inc where he conducts research on advertising fraud and non-human traffic. He is also formerly the Director of the Cloud Business Unit of FireEye. He is an alumni member of the Honeynet Project and a member of the anti-malware working group of the Interactive Advertising Bureau (IAB) where he is contributing in the promotion of threat intel sharing across the advertising industry. His current work focuses on helping the advertisers and ad networks in finding ways to identify non-human traffic through various browser impression and behavioral based anomaly detection techniques. This also includes work on detecting various impression and click padding techniques by unscrupulous publishers. He is a graduate of Harvard University and is a co-author of two books from Elsevier Syngress: "Information Security Analytics: Finding Security Insights, Patterns, and Anomalies in Big Data" (2014) and "Information Security Risk Assessment Toolkit: Practical Assessments through Data Collection and Data Analysis" (2012). Techniqies He has presented in various security and academic conferences and organizations around the world including Blackhat, DEF CON, Shakacon, INFORMS, INFRAGARD, ISSA, and ISACA.