SlaytonNichols logo

A Working Toolkit for Ambiguous, Data-Heavy Problems

The trading bot journey is the project itself: a Transformer + Mixture-of-Experts model on Bybit microstructure data, the diagnostic experiments that ruled out the strategy class, and what came out of it. This post is the methodology layer — the tools I now reach for by default on any ambiguous, data-heavy problem, regardless of domain.

A note on where I’m coming from, since it shapes the rest of this. My formal math is algebra and applied statistics — no calculus, no statistics class on the transcript. I built this project anyway, and it left me confident that I have enough math to measure the things I need to measure and to think the way the work requires. A lot of ML writing makes the math sound much harder than it is. The tools below are the ones I actually used. Most of them are simple. The leverage is in applying them with discipline.

A second note on how I learned a lot of this. Working alongside AI tools throughout the project was a meaningful part of the picture — not because they wrote the code for me, but because watching a capable model reach for a particular tool in a particular situation taught me when to reach for it myself. It’s the same thing as sitting next to a senior engineer and noticing they pull out walk-forward validation the moment the data has a time axis, or that they write the feasibility math before the training script. Seeing the move made in context, repeatedly, is how the pattern becomes yours. A good chunk of the toolkit below is mine now because I watched it get used well, then used it myself on the next problem.

1. Feasibility math, before any model math

Before training anything, write down the back-of-the-envelope:

expected value per decision = expected payoff − expected cost − expected slippage − adverse selection

If that number isn’t positive with margin, no amount of model tuning saves it. In trading the costs are fees and adverse fills. In a content-moderation system the cost is the false-positive rate times the user-experience hit. In an internal automation it’s the cost of a wrong action times the recovery time.

The discipline is doing this before you write training code. The L2 work in Part 1 had a real signal — roughly 55% directional accuracy — but ~4 bps of best-case fees against a similar-magnitude per-trigger payoff meant the math was always tight. A 20-minute calculation up front sets the right expectations for the work that follows.

Transfers to: any decision system where actions have asymmetric costs. Recommenders, classifiers with human review, automated remediation, anything with a “should we act?” gate.

Adjacent (not used here): Parent area — decision theory under uncertainty. Siblings — expected utility (when payoffs aren’t linear in money), Kelly sizing (when you control bet size and have an edge estimate), CLV/LTV math (same EV equation, longer horizon), opportunity cost framing (when the alternative isn’t “do nothing”).

Common-sense versions: cost-benefit analysis, break-even analysis, ROI estimation, unit economics, payback-period thinking, opportunity-cost comparisons. All variations on “write down the inputs and outputs in the same units before deciding.”

2. Normalize, clip, and clamp — defensively

Three small operations that absorb most of the damage real-world data does to a model:

  • Normalize so features are on comparable scales. Save the normalization stats with the model artifact, not in a sibling config file. Drift between training stats and serving stats is one of the most common ways a “good” model produces bad predictions in production.
  • Clip outliers to a percentile band before they corrupt your gradients or your statistics. Real data has bad ticks, missing snapshots, exchange glitches, sensor spikes. A np.clip(x, lo, hi) at ingestion is often the difference between a model that trains and one that doesn’t.
  • Clamp outputs to the range that’s actually meaningful. A probability head should be [0, 1]. A bps prediction shouldn’t be allowed to output 10,000. Cheap insurance against a single weird input torching a downstream consumer.

Transfers to: any pipeline where the inputs come from the real world. Sensor telemetry, log ingestion, third-party API responses, user-submitted data — all benefit from the same three-step defense at the boundary, before the rest of the system has to assume the data is sane.

Adjacent (not used here): Parent area — feature preprocessing and data hygiene. Siblings — standardization vs. min-max scaling vs. robust scaling (median/IQR for heavy tails), winsorization (a softer cousin of clipping), Box-Cox / Yeo-Johnson power transforms (when distributions are skewed), quantile transforms (when shape matters more than scale), imputation strategies for missing values.

Common-sense versions: input validation, range checks, type checking, defensive defaults, sanity assertions. All forms of “don’t trust data crossing a boundary until you’ve verified its shape.”

3. Walk-forward validation, not random holdouts

The single highest-leverage discipline for time-structured data. Random train/val/test splits leak information across time and inflate offline metrics. Walk-forward training trains on [t0, t1), validates on [t1, t2), then rolls the window forward and repeats.

In Part 1, an experiment called C6 hit +2.32 bps on a single test split. Across 5 independent walk-forward folds the median collapsed to +0.93 bps, with two folds going negative. The single-period number was period-specific luck. The fold distribution was the real picture.

The general rule: if your data has temporal structure (almost all real data does), validate across multiple time windows and report the distribution of outcomes, not the headline.

Transfers to: any model evaluated on data that comes from a moving world. Demand forecasting where last quarter’s mix isn’t this quarter’s. Fraud detection where attackers adapt. Churn models trained on a cohort whose behavior shifts. A/B tests interpreted as if the underlying population were stationary when it isn’t.

Adjacent (not used here): Parent area — model evaluation under non-stationarity. Siblings — expanding-window vs. rolling-window walk-forward (mine was rolling), purged k-fold with embargo (when labels overlap in time), nested cross-validation (when you’re tuning hyperparameters too), blocked time-series CV, backtesting on out-of-sample regimes you’ve explicitly held out.

Common-sense versions: train/test splits, holdout sets, cross-validation, A/B testing, before/after comparisons. The shared idea is keeping evaluation data separate from the data the system has already seen.

4. Monte Carlo simulation and distributions

You usually don’t care about the mean. You care about the tails.

A Monte Carlo simulation is a clean way to ask “what range of outcomes should I expect?” Take your model (or strategy, or business process), simulate it thousands of times under realistic noise, and look at the distribution of results.

For the trading work: given an empirical per-trade P&L distribution and a daily trade count distribution, simulate 10,000 30-day futures. The output isn’t “expected P&L is X.” It’s “the 5th percentile is Y, the median is Z, the 95th is W, and here’s the probability of breaching the drawdown cap.” That’s actionable; a point estimate isn’t.

The mechanics are simple — sample with replacement, run the rules, accumulate, repeat. The hard part is the noise model. If your simulation assumes fills always work and live they don’t, you’ve built a confident wrong answer.

Transfers to: capacity planning, SLO budgeting, risk modeling, any “what does the worst case look like?” question. When a stakeholder asks for a single-number forecast, give them a distribution and let them pick the percentile.

Adjacent (not used here): Parent area — stochastic simulation and uncertainty quantification. Siblings — bootstrap resampling (Monte Carlo over your actual data instead of an assumed model), block bootstrap (preserves autocorrelation), parametric Monte Carlo (when you have a fitted distribution rather than samples), Markov Chain Monte Carlo (for sampling posteriors), variance reduction techniques (antithetic variates, control variates) when sims get expensive.

Common-sense versions: scenario analysis, what-if modeling, ranges and confidence intervals, percentile reporting, error bars, min/median/max summaries. All forms of “report a range, not a point.”

5. Training/serving parity as an engineering problem

The most expensive class of bug in ML systems isn’t bad model architecture; it’s the same input getting transformed differently in training vs. live. This is a software engineering problem with known fixes:

  • One feature code path. The function that produces a feature in training is the function imported by the live runner. Same code, not a “ported” version.
  • Stats bundled with the artifact. Normalization means/stds, feature ordering, label encoders — all serialized into the model checkpoint, loaded together, immutable.
  • Integration tests that compare both paths. Take a row of raw input, push it through the training feature path and the live feature path, assert the resulting tensors are equal. Run on every deploy.

With these in place, an entire category of “the model worked yesterday and is broken today” stops happening.

Transfers to: any system where the same logic runs in two places — batch vs. streaming, offline vs. online scoring, server vs. client validation.

Adjacent (not used here): Parent area — ML systems / MLOps. Siblings — feature stores (the heavyweight version of “one feature code path”), shadow deployments (run new model alongside old, compare outputs in production), canary releases, model registries with lineage, data validation frameworks (Great Expectations, TFDV), schema evolution policies for upstream data sources.

Common-sense versions: shared libraries, DRY, single source of truth, configuration-as-code, pinned dependencies, reproducible builds. All variations on “the same logic should not exist in two places that can drift.”

6. Filter noise to find signal

Most signal-extraction work is some flavor of “make the structure visible by suppressing the things that aren’t structure.” A few cheap, broadly useful versions:

  • Rolling statistics (mean, std, z-score) over an appropriate window turn raw observations into context-relative ones. A 2σ event is usually more informative than an absolute threshold because it adapts to regime.
  • Quantile binning beats absolute thresholds when the distribution shifts. “Top decile of imbalance over the last hour” is more durable than “imbalance > 0.7.”
  • Multi-window confirmation. A condition that’s true at 1m, 5m, and 15m simultaneously is doing more work than the same condition at one window.
  • Look at the distribution before choosing a threshold. Histogram the raw values. If 99% are in a narrow band and you’re tripping on the 1% tail, the threshold is doing all the work and the model isn’t.

Transfers to: anomaly detection, alerting, dashboards, any “is this point unusual?” question.

Adjacent (not used here): Parent area — signal processing and feature engineering on noisy time series. Siblings — EWMA / exponential smoothing (when you want recency-weighted state), Kalman filters (when you have a model of the underlying process), wavelet decomposition (when structure lives at multiple scales), CUSUM / change-point detection (when you care about regime shifts rather than point outliers), Hampel filters (robust outlier replacement).

Common-sense versions: moving averages, debouncing, hysteresis, deduplication, rate-limited alerts. All forms of “don’t react to every individual data point; let the underlying trend declare itself.”

7. Kill-switches and risk gates

Let the system make decisions inside a hard envelope it cannot cross. Concretely:

  • Soft caps trip before hard caps. If the contract says “halt at 4% daily drawdown,” halt yourself at 3%. The buffer is what keeps a single bad event from becoming a fatal one.
  • Tiered modes — green/yellow/red, or whatever language fits. Yellow halves your risk and only allows the highest-confidence actions. Red allows nothing. Degradation is graceful instead of catastrophic.
  • Idempotent kill-switches. A single command should safely stop the system, and calling it twice should do the same thing as calling it once. State machines beat flags.
  • Structured rejection logging. Every blocked action gets a reason in a journal. “Why didn’t it act?” should be one grep away, not a re-derivation.

This pattern shows up everywhere serious software runs: circuit breakers in service meshes, feature flags with kill paths, rate limiters with tier-based throttling. Same idea across domains.

Transfers to: any autonomous or semi-autonomous system that takes consequential actions. Automated remediation, batch-job orchestration, billing systems, anything with a blast radius.

Adjacent (not used here): Parent area — reliability engineering for systems that act on the world. Siblings — circuit breakers (the service-mesh form of the same idea), bulkheads (isolate failure domains), bounded retry with jitter, rate limiting / token buckets, SLO-based error budgets, dead-man switches, two-person-rule gates for irreversible actions.

Common-sense versions: feature flags, config-driven limits, dry-run modes, manual approval steps, rollback plans, hard-coded caps. All forms of “give the system a clearly defined boundary it cannot cross without a human.”

8. Systematic rejection over endless iteration

In Part 1, three orthogonal experiments — Legs A, B, and C — each took a day or two and together ruled out an entire strategy class. The alternative, more model and feature iteration, would have been months of motion without progress.

The general pattern: when something isn’t working, design two or three orthogonal experiments whose outcomes would each independently kill or save the idea. If they all fail in the same direction, the strategy class itself is the constraint, not the implementation. The shift is from “let me try one more thing” to “let me design the experiment that would convince me to stop.” That experiment is almost always cheaper to run than the one-more-thing.

Transfers to: any debugging or research situation where you might be optimizing the wrong loss. The hardest part is being honest about what would actually change your mind.

Adjacent (not used here): Parent area — experimental design and falsification. Siblings — ablation studies (which component is doing the work?), pre-registered hypotheses (decide the kill criterion before seeing the result), oracle / upper-bound analyses (Leg A is one), counterfactual analysis, sensitivity analysis (how robust is the conclusion to assumptions?), bisection-style debugging.

Common-sense versions: time-boxing, rubber-duck debugging, hypothesis-then-test, exit criteria, stop-loss thinking. All forms of “decide what would change your mind before you start, not after you’re attached to the outcome.”

Why this transfers

Trading is unusually unforgiving — real counterparty, real money, real costs, tight feedback loop, no room for hand-waving. That’s what makes the methodology generalize. The questions are domain-independent:

  • Can you measure the thing?
  • Can you simulate it under noise?
  • Can you bound the worst case?
  • Can you tell whether you’ve actually improved it, or whether you’ve just gotten lucky on one slice?

The discipline to apply simple tools rigorously, the engineering to make them survive contact with real systems, and the honesty to design experiments that could prove you wrong — that’s most of it.