Avoiding the over-engineering of a use case
I once worked with a user where we discussed different use cases for anomaly detection. In particular, this customer was building a hosted security operations center as part of their managed security service provider (MSSP) business, so they were keen to think about use cases in which ML could help.
A high-level theme of their use cases was to look at a user's behavior and find unexpected behavior. One example that was discussed was login activity from unusual/rare locations, such as "Bob just logged in from Ukraine, but he doesn't normally log in from there."
In the process of thinking the implementation through, there was talk of them having multiple clients, each of which had multiple users. Therefore, they were thinking of ways to split/partition the data so that they could execute rare by country for each and every user of every client.
I asked them to take a step back and said, "Is it worthy of an anomaly if anyone...