Downtown Brooklyn’s TWOSENSE.AI selected as finalist for city’s Global Cybersecurity Competition
We asked cofounder Dawud Gordon what it means that the company’s motto is, “The Password is You.”
September 10, 2019
This August, the New York City Economic Development Corporation announced the finalists for the city’s NYCx Cybersecurity Moonshot Challenge. From 169 applications, the Mayor’s Office of the Chief Technology Officer and the NYC Cyber Command announced ten finalists as part of a $100 million public-private investment aimed at transforming New York City into a global leader of cybersecurity innovation and talent. One of the finalists is Downtown Brooklyn’s TWOSENSE.AI, led by longtime Brooklyn resident Dawud Gordon. We caught up with Dawud recently to hear about his plans for making people’s habits their own personal passwords.
Downtown Brooklyn Partnership: What does TWOSENSE.AI do?
Dawud Gordon: TWOSENSE.AI is solving the largest problem that we have right now: building secure digital infrastructure that is usable by human beings. The biggest problem with that is that the way the internet evolved over time, the responsibility of showing that you’re authorized to do whatever you’re trying to do is yours. You have to do the work to demonstrate to the system that you’re the right person.
DBP: How does that work in everyday life?
DG: It can be as simple as having to type a username and password to access a website or application, or as annoying and complex as having a two factor identification system where you have to get a text message, or even sometimes have to call a call-center. Either way, it’s your responsibility to do the work.
DBP: How is TWOSENSE.AI solving that?
DG: TWOSENSE.AI is trying to replace human effort with artificial intelligence. We’ve built a system of AI that enables any system to recognize you by what you’re doing. So the responsibility is no longer the user’s but the system’s. So we can build secure systems that are continuously checking to make sure it’s you and we can do that without making you do any work.
We’ve built a system of AI that enables any system to recognize you by what you’re doing. So that the [login] responsibility is no longer the user’s but the system’s.
DBP: How could software know if it’s me or not?
DG: We look at a number of different aspects of human behavior. How you type, the speed and cadence and variability of how you type, the acceleration and deceleration of every mouse movement. On mobile devices we can look at someone’s gait, the length of someone’s stride or the impact of their footfall as measured by a motion sensor embedded in every device. We can look at how you swipe across the screen, different app usage patterns, locations that someone frequents - so-called patterns of daily life. We can factor all this in with the time of day and we can do all of this without having to know your name or your email address and, in fact, we prefer to have no identifying information whatsoever.
DBP: So all this data that phones and computers snatch from us, you are using it to teach the devices whether or not it’s actually me signing in?
DG: For us as a business, we’re really focused on helping companies secure their infrastructure for their employees. For a user, as soon as the software is rolled out, you don’t really notice any difference. However, over the next days to weeks, as our AI learns you, all of your work infrastructure, all the apps you use, they start becoming easier for you to use and you start noticing there’s less two factor authentication challenges, there’s less pop-ups on your phone to access your work stuff.
DBP: How can you know if I’m moving my mouse differently from someone else?
DG: So we can know that by having a data set on you, where we don’t really know that it’s you, just a unique hash of an ID that tells us it’s a user. Then we have that same data for thousands of other users, and what we can do is build artificial intelligence using techniques like deep neural networks that we can deploy on top of this data set and ask the algorithm what, for example, mouse movements make a person unique among all users.
Inside TWOSENSE.AI’s Downtown Brooklyn office
DBP: Can you tell us about some of the success you’ve had with this?
DG: Our largest customer right now is the United States Department of Defense, and, while we can’t talk too much about it, we’re working with them to make employee identity, of which they have 4.7 million, something that is continuously secured but at the same time frictionless for the authorized user. Out of that we’re looking for further private sector applications of this. One of them is a hospital here in New York that we’re helping also to solve the same problem of getting rid of friction on the user side while at the same time keeping accounts secure. As part of that, we were discovered by the New York City Cyber Command as part of a program they had to look for partnerships with forward-thinking startups for creating a platform to help New York City’s small and medium enterprises secure their infrastructure in a way that’s sustainable. That’s really what their goals are and why we’re one of the finalists in that challenge.
DBP: With the challenge, where do you think you can help small and medium sized businesses?
DG: The numbers show, and this is coming from Gartner [a technology research firm] not from me, that 82% of all damages that happen as a result of cybercrime start with human error and compromised identity.
DBP: Give us an example?
DG: An example is spear phishing, where I hit you with an email that looks like it’s from your employer and you click on a site that’s not really your employer’s website. Because of the difficulty that’s involved in solving for that and making users do the work, we don’t have it really locked down, cybersecurity-wise.
DBP: So you’re not trying to prevent phishing attacks, you’re trying to make them useless?
DG: Yeah. So there’s all kinds of attacks like this: account-takeover, device-takeover, man-in-the browser, all these different attacks are all symptoms of the same fundamental problem, which is that we can’t secure identity, and so we’re looking at working with New York to change that paradigm for small to medium-sized enterprises so that they really have a chance to lock down their employees’ identities and secure their infrastructure.
[Downtown Brooklyn] is more vibrant. There’s better food, there’s good events around here. I end up having to go into the city a lot less than I thought I’d have to.
DBP: You and your co-founder John Tanios are both Brooklyn residents and you chose to base the company here. Why?
DG: Yeah, we’re 8 employees right now, of which more than half live in Brooklyn, in this immediate neighborhood. I’m in Gowanus, and for us it was really a logistical question of where do I live, where does my cofounder John live and where could we get to easily that would give us easy access to the city, where we have to take a lot of meetings. And we wanted to be in Brooklyn, which we like.
DBP: Are there benefits to being in Downtown Brooklyn aside from just the proximity of your commute?
DG: I think so. I think the place we’re sitting right now [MetroTech Commons] is really nice. I have a one-on-one with every employee and having the waterfront so close and being able to walk up and down the waterfront is a great thing. Specifically about Downtown Brooklyn, it’s obviously a bit cheaper than Midtown, and I think the area is more vibrant. There’s better food, there’s good events around here. I end up having to go into the city a lot less than I thought I’d have to.
DBP: You said a lot of your employees live around here. Is that by coincidence or not?
DG: When we moved to Montague Street, I was living in Gowanus already, we had one employee who was in Lower Manhattan, one who was in Bushwick, and John is down south in Dyker Heights. And so we looked for a place where John, who is carrying all of the technological progress on his shoulders, could maximize his time in the office. Every minute that he has to commute is time that we don’t have him in the office, which is devastating, so we really focused on a place that was easy for him to get to and everyone else can reach. And now, the people we’ve hired since then have all looked for places near the office. So regardless of what comes, whether we stay in WeWork, whether WeWork is around in six months, we’re going to be in this neighborhood.
An end to passwords could be near, a new world where our devices prove who we are rather than us having to prove who we are to our devices. And if such a future comes to pass, it will be in no small part due to the work done here in Downtown Brooklyn. We congratulate TWOSENSE.AI on their success so far and to the city for recognizing their work. Best of luck, TWOSENSE.AI!
To find out more about Make It in Brooklyn and stay in the loop about events and opportunities, sign up to the Make It in Brooklyn newsletter to receive the latest news and updates.