Outstanding Women in Computer Security: A Panel

What made it so impressive were the women involved–each of their stories is a both a comfort and a clarion call. This post does not have a lot of one-liners–it is a word-picture of what a woman (or any person) can be in the high tech security sector. Also, check out Valerie Fenwick’s blog on this same panel. Enjoy!

Moderator: Carrie Gates, Computer Associates

Has a background in security research. And think’s she has the best job in the world: she gets to find a professor with a PhD student and fund that PhD student to do research on security stuff–at the end of 3 years they have results and a hopefully a PhD.

Carol Taylor, Eastern Washington University

Has a PhD in Intrusion Detection. She loves teaching.

How she got into the field:

She was studying software metrics in grad school and then had to find something else to do and began playing around with intrusion detection. She soon figured out she would never run out of work doing security and kept on doing it.

A day in her life

She spend a lot of time on class prep–she reads a lot and develops a curriculum. She also spends time guiding students. For professional development she writes papers and goes to conferences. She is also constantly think things up–how can I add to this? How can I get funded to do this?

Succeeding in security

Security is a very multidisciplinary field. Someone who wished to succeed in security needs a background in more than just CS–knowing about psychology or education would been beneficial. She herself has a background in biology.

Why is security a good field–and why is it s good field for women?

It is an unending set of problems. When technology changes, there’s new problems. “It’s a great field for it’s potential” she says. It has a technical background and a social background. Because women tend to have a broader perspective than men, “women are perfectly suited for this field”.

Rose Shumba, Indiana University of Pennsylvania,

How did you get into Security

She was encouraged by a mentor (Mary Micco) to get into Information Assurance. When she had to take a course she got really interested in Software Research.

What helped?

Grants. Lots of grants.

Daily life

Teaching and mentoring students–her female students are always hanging around her office to talk.

How do you succeed in security

Read extensively to keep up in this ever changing area.

Why is security a good field–and a good field for women?

To the question is it a good field for women she answered “yes and no”: if you’re eager to explore and find out about stuff you would like security. You must be a really hands-on person. If you have a heavy teaching load and kids waiting at home and family obligations this field can be really hard.

Becky Bace, Infidel

A quick note on her Consulting firm’s name. She told the audience the name came from something her father in Alabama used to say.

He’d tell her she shouldn’t grow up to be a hussie.

But since it was too late, she should never be a brazen hussie.

As she was already that, she should never become an infidel hussie.

He told her she was on the path to being an infidel hussie but wasn’t quite there yet.

She got into security by accident: a friend asked her come in to deal with some raucous hackers and she stayed on.

She pushed some of the initial Intrusion Detection Systems into market–and fairly recently her consulting firm ended up dealing with a company which was based on the product she had pushed to market.

Some interesting comments:

When you work in a really young industry you can have effects you might never expect.

Security has a great role to play when the Market is going down.

After 9/11 VCs (Venture Capitalists) got very interested in the growth of the security industry.

Books she has written (they sound fascinating):

Intrusion Detection

Forensic Testimony for Technologists

Helped to edit Geekonomics (coming out soon!)

Got a Masters in Special Education because of an Autistic son. Has found that understanding that some people who act oddly do so for reasons they can’t control opens a lot of doors for you because you can interface with people other people won’t.

Daily life

Talks a lot to the press, does a lot of editing and writing.

Ruth Nelson was a mentor and wrote some of the seminal papers on cryptoprotocal design. Did some of the initial cyptoprotocal design. Helps her be a very good heretic. :-D

How do you succeed in security

Do your homework. Read with a perspective: what was the reasoning behind the people writing what you’re reading? figure this out and then stand on their shoulders.

Why is security a good field–and a good field for women?

If there’s any situation where women can do better than men it is this one. There’s such a great community. You tend to float on the ballast of the community around us.

If you want to make your mark, do it in a young area–and this is still a very young area.

Kathy Jenks

Daily life:

As a Director she works with other organizations to secure all of Sun’s products, not just the OS for OpenSolaris. She spends a lot less time writing code or reviewing code–her time is taken up strategising about what products are necessary. Spends time speaking with customers and reading to keep up with the industry. In addition to being a Director, she is also a manager.

How do you succeed in security?

You need to be curious. You need to pay attention to the Industry. You need to understand the challenges of your customers and what they need to protect (network, file system, disks, etc). And then you need to think: what’s coming down the road 10, 20 years ahead. Having an objective perspective and a open mind. Approach all of the solutions openly.

Why is security a good field–and a good field for women?

Very multidisciplinary area–when hiring, she looks for people with OS background, network management, Java, C, C++, XML and lots of other things. There’s always challenges and things you need to do. Security applies to protecting our country, all of our customer’s countries, your medical data, your bank information, you privacy data: it crosses all social boundaries. If the question is “why security for women?” The answer is “why not?”

Questions from the Audience

Question:

If there is an undergraduate who is interested in Security, what classes should she take?

Take an elementary business course–if you understand a business, then you know what to protect.

Question:

Who could fund someone to go to Black Hat?

Some Universities will pay for you to go.

You could also go to DefCon–Professor Taylor uses a video on forensics from their website for her classes.

Email the organizer, tell them you’re a student and offer to volunteer (offer to work the registration desk–you’ll meet everyone interesting as they register).

Comment:

Read CISSP for background information on the security industry.

Inspirational Quote:

The King and his men stole the queen from her bed
And bound her in her [bower]
The seas be ours and by the powers
Where we will well roam
Yo ho, all together, hoist the colors high
Heave ho, theives and beggars,
Never shall we die

~Pirates of the Carribean: A World’s End

Jessica Dickinson Goodman

Official GHC 2007 Blogger
You may comment on this blog by visiting the GHC (Grace Hopper Conference) Forum.

2 responses

  1. Very interesting comments and advice on this field, how to succeed, get in, what the life is like, etc. It strikes me that following all this advice would land you in an interesting, reasonably paid field with a continuing need for your services. However, you would always be classified as a “Staff job” ie. a service to the real powers who do the controlling, as in the “Line jobs”: where the ultimate power lies – as well as the money, importance, travel, contacts, fun and games. To do this it’s important to go in as a “Line” employee from the beginning – even with a pay cut – so you signal your intentions to move up. and up. Having all these other skills will be very useful to you, but don’t let them define you.

Leave a Reply