Outstanding Women in Computer Security: A Panel

From Anita Borg Institute Wiki

Jump to: navigation, search

Kristen Gates has advised about upcoming cyber security research and internship opportunities. See the attached File:SECuR flyer 2008.pdf for more information.


Carol Taylor

Eastern Washington University

Carol has a PhD in CS from the university of Idaho. During her PhD research she has looked at intrusion detection, high assurance systems, classified/unclassified. She also has background in CS consulting, worked for a university group, and really loved to be in university settings. She got involved in security by accident. She wanted to do software engineering. However her professor has left to start a business so she looked for other candidate faculty and the most interesting one was doing security related research. So she has decided to give it a try. Carol got intrigued and kept to it.

On a daily basis she teaches, prepares for classes a lot, teaches networks, network security, develops curriculum, has several students to advise, writes papers, goes to conferences, tries to come up with new ideas. Her view of succeeding in security: must have background in more than technology, ideally physiology, sociology, business. Why is security good for women? - Un-ending set of problems, technology changes, always a new set of problems tomorrow. Pick anything to study and it will apply to security. Women have a much broader perspective than men, men focus on very technical issues, not how people use it and what is the impact of technology on society. Women can succeed and excel insecurity.

Rose Shumba

Indiana University of Pennsylvania

Rose has a PhD, MSc in CS, her research was in software engineering. She has co-taught courses with her mentor, then taught integration of security in OS courses, etc. Various grants have helped to fund research projects. She got to work with women in CS on these projects. As the outcome she they have published a number of security exercises in ACM journal on security. She spends her typical day teaching, advising, spending time with her children. To succeed one should attend conferences, collaborate with faculty, read extensively.

Question: What is a good place to look for publications?

Answer: www.cert.org is a good source

Kathy Jenks

Software Engineering Director at Sun Microsystems

Kathy has started as a junior, spent 7 years programming, then got into management, finally got opportunity to develop Solaris Group. She got to work with many talented people ever since.

Her typical day - spend time working with other organizations on strategies and securing Sun’s products. Her organization designs, develops, and delivers products, so there’s a lot of code writing and reviewing. She has spent a lot of time talking to customers, reading on what other companies are doing, what are the problems and challenges. She talks to people on what to do to make their OS secure. To be successful in security on e needs to be curious, needs to understand what software does to understand how to secure it, what’s going on in the industry, what customers need to protect. For example: how to send information across the network, how to protect file system and/or host, then think what’s coming down the road in 5-10 years. Need to have objective perspective, should have and open mind, approach all solutions objectively, and look for best solution for a given situation.

Why security? - It’s interesting, multidisciplinary, when they hire, they look for software background, networking background, programming skills, the list gets longer as industry advances. From OS perspective there’s always a vulnerability. The web is developing at ever increasing pace. There’s always challenges when it comes to security. They are protecting our country, your privacy, security crosses all social boundaries, and she can’t think of anything more fascinating.

Why women in security? - Why not?

Becky Base

Infidel

Becky got started as a security person and she was a girl geek before that. She kept changing majors trying to decide what she wanted to do. She got into security by accident - an old friend at National Security computer center needed an adult supervisor.

Security is the new age encryption appliance. In retrospect Becky has ended up having almost accidental effects in young industry. She has ended up in the Valley in the midsts of the .com boom. After 9/11 IT community realized that security was going to grow and was a good investment market. At that time she got into writing a book about intrusion detection. She wrote another book with a friend about how to behave when going to court as an expert witness in particular. And a 3rd book is in the works. Her typical day - boss around several very rich and powerful guys, edit a book or article, talk to press, meet with young entrepreneurs, introduce folks to each other, review proposed standards or policies, advise clients on security strategies, business interests, marketing and messaging of security, think about what security looks like in the future. What makes life fun? - get to work for yourself, work with lots of cool people from different domains, can actually affect the direction of industry/community, can mentor others and watch them gain power and influence in the community, get paid to do this stuff.

To succeed in security it is important to do your homework. Start with the classics, there are a lot of sources for information on security. Read it with a perspective, try to figure out what the reason was for people writing it, think holistically about the technology, don’t be a control freak.

Why? - It is a fast growing, still under-populated area of technology. It is also young enough to be able to make a huge difference in the area of societal need. It is extremely dynamic, our dependence on IT is growing and coherent security is critical to survival. Unlike many other areas of technology, women are extremely well equipped to dominate here. Women are much more dynamic, they able to clean up messes, handle disaster recovery well, and have better social skills.

Discussion:

Q. As an undergrad what courses would you suggest in preparation for security?

A. Understanding business helps you understand what to protect.


Q. Do you know of any funding opportunities to attend Black Head conference?

A. May be you can convince your administration to sponsor you; DevCon has proceedings available online; try to get funding from the university, try to volunteer at the conference to have the fee waived.


Q. how would you start off on your own, would you ignore old attack reports and just look at the latest ones?

A. You need to understand the nature of vulnerability to understand how the attack affects the business. Read CISSP documentation for a broader definition of security.

Retrieved from "http://community.anitaborg.org/wiki/index.php/Outstanding_Women_in_Computer_Security:_A_Panel"
Personal tools