Monday, July 20, 2015

GHC15: I Can't Wait!

I am so excited to be co-chairing the Communities Committee for the Grace Hopper Celebration of Women in Computing again this year, seeing Houston, attending as a team member from a sponsoring company, and interspersing technical conversations with discussions of work/life issues without feeling exposed.

What's the Communities Committee?  We're a group of volunteers that ties all of the social media aspects of the conference together.  We seek out volunteers to take notes of sessions, write blogs about their experiences, share on Facebook, LinkedIn, Twitter and Instagram, and even create their own video blogs.  We coordinate the hash tags, process incoming volunteer applications, help the volunteers get onto our aggregate sites and retweet and share things like crazy during the conference.  This year, our committee has expanded - you'll be hearing from other committee members soon - as we're going to be adding several more exciting interactive elements to the conference itself.

Through the committee, I learn about many new technologies (like the tools we use to collaborate: Google Drive, Trello, Blogger and Slack), plus about the interesting work my colleagues are doing. My co-chair, Charna Parkey, works at a fascinating startup that lets you check your job listings for unintentional bias! They will get you the best applications, then it's up to you to make the sale.

As for Houston - I've only ever spent one night there before a cruise.  It'll be hot and humid, I'm sure (though it will be October), and I'll be staying near a giant shopping mall - but I'm sure there'll be more to see!  Space stuff - at the very least!  Any other suggestions?!

And Oracle is sponsoring the conference again this year! Please do stop by our recruitment booth - we're looking for smart new college grads and experienced folks. Bring your resume!

Finally - last but certainly not least - there is something so refreshing, so recharging about talking about cool technology with other women.  Women in tech are a special kind of breed - we've all worked hard to get where we are (even if that's just our senior year in college): overcoming unintentional  (and sadly sometimes intentional) bias, constantly having to explain why we are where we are ("why are you studying computer science?" - yep, got that a lot in college), and always working to get over Imposter Syndrome.

Technical women are different - we can be honest with each other when we are frustrated, or do not understand what the other is talking about. We are passionate and still patient.  We understand that not everyone is up on the lingo of our profession, and will take a moment to explain things to a "newbie".  We empathize with each other on our tough life situations and understand nobody is perfect.

I know I will learn a ton - about security, career and life balance, and how to be a better manager and still keep my engineer brain going.

I will continue my journey to grow as a leader in my community and at work.

It is, after all, "Our Time to Lead".

Will I see you there?

Monday, July 13, 2015

OWL: Understanding the Hidden Language of the Subconscious

Oracle Women's Leadership group brought in Master Hypnotherapist/Three in One Behaviorist Dylan Rumley on June 18 to help us learn how to shift negative experiences into positive ones by harnessing the hidden language of the subconscious to our favor.

The evening started out with drinks and hors-d'oeuvres and networking with other women from Oracle. As it was held at our headquarters, I had the opportunity to meet many women I normally would never cross paths with. Everyone I talked to was so interesting, and friendly. A fantastic environment!

Dylan was an energetic and thoughtful speaker, who is focused on one goal: She wants to bring peace and calm to as many people as possible, using a whole brain approach, for adults and children.

Dylan spoke of her work with adults and children alike, and the discoveries she's made through her training and work with clients.  The brain loves to play! Without stress, learning can be easy for anyone. Think about how much fun you have and how relaxed you can become when looking through a kaleidoscope.

Dylan spoke of three brain states: the brain we know, the heart and brain together (coherence), and the psoas muscle. Wait, what? Yes, the psoas muscle - the one that many of us work on relaxing through yoga and tension release exercises.  Dylan believes all of these things should be used and taken care of to use your "whole brain".

There is a myth that some people are right brained and some are left, as we all need both hemispheres for executive functions and creativity. Sure, some people may find more inspiration from one side or the other - but if you can learn to use both, you can do more with your life.

Confusing, right? Let Iain McGilchrist explain it all to you:

Both hemispheres of our brain need to work together, but as we've evolved, the connections have been broken or shrunk.  The focus of the right hemisphere is broad, the left is narrow.

Dylan reminded us that it takes 21 days to change a pattern.  She had to remind her client, Wesley, as well. He came to her with extreme panic attacks when he tried to get on an airplane, bus or train. He was convinced that his claustrophobia was incurable. After exhausting doctors, medication and conventional therapists, he thought he had nothing to lose by seeing Dylan. She told him that if he could get himself into a true whole brain state, he would not be able to panic.

Dylan and Wesley worked together in an intense schedule for 21 days - and at the end of that 21 days, they got onto a plane together. Wesley was able to then fly across country to see his child's college graduation. :-)

One way to get your brain hemispheres to communicate more effectively is by doing cross patterning exercises.  Doing this helps the subconscious disconnect from your conscious and complete filing away emotions and events that are blocking you. It doesn't mean that you will forget these events, but that they will no longer stop you from moving forward with your life.

Dylan taught us a handful of cross patterning exercises and recommended we do them every day for 21 days - to create new brain habits.  All of these exercises involve keeping the body moving in some fashion (hands or eyes in the two we learned), which will help keep you from getting into the "freeze" mode in an uncomfortable situation.

Dylan additionally talked about the Behavior Barometer - how to manage your feeling words. For example, Anger is a really important emotion. When harnessed correctly, it can help you discover things.

She stressed how important it was for us to feel fully, and warned us that otherwise we could get stuck. Boy, that's happened to me before - playing conversations over and over in my head, re-reading emails, thinking about a car accident I witnessed, etc.

We need to work with our subconscious, get those emotions and events filed away properly so we can move forward.

Looking at the Behavior Barometer, find your emotion. Look up the definition of your emotion in the dictionary. Look up the meaning of its Latin roots. Truly understand what you are feeling.

Take the Resentment section, for example, and imagine your consciousness is feeling offended. Find the word in the same position under the subconscious section: ruined. See where that is leaving your body: no choice. Stuck.

If you can own your feelings ("Yes, I am offended"), then your subconscious can let go.  The subconscious loves completeness, so give it to your brain.  Don't ignore feelings, acknowledge them - but stay there for less time.

Dylan noted that our subconscious also loves to heal. To help move this process forward, she recommends guided imagery, meditation, and cross pattern activities.

She ended the evening by taking us through her 20 minute guided imagery meditation, called "The Theater". Dylan recommends listening to this as you fall asleep at night. I found I left very relaxed and happy - so maybe that means I need to start meditating again!

Monday, April 20, 2015

RSA & PKCS#11 v2.40 - Official OASIS standards!

I am excited to announce that our new PKCS#11 specifications are *official* OASIS standards!

The PKCS11 technical committee worked hard over the last 2 years to update the last standard draft from 2009 and run it through the OASIS process.  I am very proud of the committee and OASIS community for reviews, discussion and guidance.

If you'd like to learn more, please come by the OASIS booth (South Hall, #1921) at the RSA conference this week - myself, other Oracle Solaris security folks and other TC members will be there to answer your questions!

Thursday, March 26, 2015

PKCS#11 Webinar Friday (That's Tomorrow!)

Bob Griffin, EMC, and I will be presenting the history of PKCS#11 and where we are going with the standard in our OASIS Technical Committee Friday, March 27, 2015 at 8AM PT.  This is in preparation for our OASIS wide vote for PKCS#11 2.40 to become an official OASIS standard (boy, this process has taken longer than I imagined possible!)

Come along and hear all about it, and ask me and my co-chair questions!

You can register here at the OASIS site.

"See" you there!

Monday, March 16, 2015

Vote for Me!: Open Crypto Standards Talk at RSA

I would like to give a talk on PKCS#11 and KMIP and how you can escape vendor lock-in by using open standards at this year's upcoming RSA conference, but I can only do it if I can get your vote! This year, RSA is "crowd sourcing" a few talks - the most popular will be sent to their program committee. I only have a chance if I get your vote.

Voting closes on April 2, so please don't delay!

Attendees' votes count for double, but even non-attendees can vote. Please check out my talk and vote for me. Thank you!

Wednesday, March 11, 2015

International Women's Day Breakfast at Google

I was so honored to be asked to join a breakfast for a small group of women at Google this past Saturday in celebration of International Women's Day hosted by the Women Tech Makers group.  It was a great place to get to know other senior women in the industry, with loads of time for networking.

I was so impressed that when Natalie Villalobos (our host) asked her boss, Meg Smith (now US CTO), about taking her 20% passion project to inspire women in tech and improve diversity in the industry to a full time job that Ms. Smith agreed and talked to others at Google to get funding for that as a full time position!  Now Ms. Villalobos gets to work on Women Tech Makers full time - what an awesome job!

I loved our keynote speaker, Suzanne Frey, Director of Policy, Trust & Security, Google Apps.  She was full of energy, was inspiring and super smart.  Suzanne Frey had the following advice for the women leaders in the room:

  1. Ms Frey had learned about the cingulate gyrus - the part of the brain that does "look back" (i.e. how could this conversation have gone better, what if I had gone to that event instead of this other one, etc). Basically, she learned that women's cingulate gyrus fires much more frequently than men's. The summary of the research was that more men are not focused on potential mistakes of the past, but moving forward, looking ahead.  Her advice? Stop ruminating on the past!

    As someone who has spent many a night tossing and turning thinking how I could've better handled a situation, how I wish I would've called my grandmother one more time at the holidays (I did not know she was sick and dying until it was too late and she had already passed), what if I had picked up my grandma's cat sooner - could I have prevented his FIP from flaring out of control and killing him? Was I too short in that text message to my friend? What if, what if, what if...

    I remember years ago complaining to my mother that my husband fell asleep instantly and she responded, "Men do that, they don't worry about the day behind them - they want their rest for the day ahead. Their minds are quiet at night."

    Of course, there is certain contemplation both men and women should always do, so that you can improve your future performance - but you cannot change the past or actions of others, and it's better to learn the lesson and move on.
  2. Have your own personal board of directors. Other women leaders you can bounce problems and ideas off of. Meet regularly.  She meets with hers every quarter - an international group, so meeting times can be at very irregular times for US.

    This is hard for me - when I go to an event like this breakfast, I get so much out of talking to other female managers. We face similar challenges but have very diverse ways to look at things.  It's the keeping it going afterwards.

    Do you have a personal board of directors? If so, how did you set it up? How do you keep it going?
  3. Your intentions and how you are perceived are not always the same.  Be aware of that, and it will impact how you take actions. It's important to believe in yourself - that will change how you are perceived!
  4. Start to reinvest in yourself. Do NOT do things that deplete you.  Use things like TaskRabbit. You are worth a few dollars a month - your time is worth so much more. Your energy and efforts are better spent on yourself and elsewhere than on housecleaning, etc.

Lots of great advice from around the table - including learning how to pick our battles, how to manage children/family and work and calendar management.

What tips do you  have for emerging women leaders?

Friday, November 21, 2014

ICMC: Entropy Sources - Recommendations for a Scalable, Repeatable and Comprehensive Evaluation Process

Sonu Shankar, Software Engineer, Cisco Systems
Alicia Squires, Manager, Global Certifications Team, Cisco
Ashit Vora, Lab Director and Co-Founder, Acumen Security

When you're evaluating entropy your process has to be scalable, repeatable and comprehensive... well, comprehensive in a way that doesn't outweigh the assurance level you're going for. Ideally, the method used for the evaluation would be valid for FIPS-140 and Common Criteria.

Could we have the concept of a "module" certificate for entropy sources?

Let's think about the process for how we'd get here. We'd have to look at the Entropy Source: covering min-entropy estimation, review of built-in health tests, built-in oversampling, and a high-level design review.

There are several schemes that cover entropy and how to test it. You need to have a well documented description of the entropy source design, and leverage tools for providing statistical analysis of raw entropy.  It would be good to add statistical testing and heuristic analysis - but will vendors have the expertise to do this correctly?

How do you test for this?  First, you have to collect raw entropy, with all of the conditioners disabled (no hashing, LFSR, etc). That is not always possible, as many chips also do the conditioning, so you cannot get the raw entropy. If you can't get the raw entropy, then it's not worth testing - as long as you've got good conditioning, it will look like good entropy.

In order to run this test, you need to have at least one file of entropy containing 1 million symbols, and the file has to be in binary format.

When it comes time to look at the results, the main metric is min-entropy.
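As an added illustration of why the raw samples matter (this is not code from the talk or from any vendor's tool): the sketch below applies a most-common-value min-entropy estimate, modelled on the estimator of that name in NIST SP 800-90B, to a constructed weak source and then to the same samples after a SHA-256 conditioner. The source, the conditioner and all function names are assumptions made for the example.

```python
import hashlib
import math
import random
from collections import Counter

def mcv_min_entropy(symbols: bytes) -> float:
    """Most-common-value estimate of min-entropy, in bits per 8-bit symbol."""
    n = len(symbols)
    p_hat = Counter(symbols).most_common(1)[0][1] / n
    # Upper end of a 99% confidence interval on the most likely symbol.
    p_upper = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return -math.log2(p_upper)

def weak_raw_source(n: int, seed: int = 1) -> bytes:
    """Constructed noise source: each sample is 0x00 with probability 0.75, else 0x01."""
    rng = random.Random(seed)
    return bytes(rng.choices((0, 1), weights=(3, 1), k=n))

def condition(raw: bytes, block: int = 32) -> bytes:
    """Stand-in conditioner (assumed): SHA-256 over each block of raw samples."""
    return b"".join(hashlib.sha256(raw[i:i + block]).digest()
                    for i in range(0, len(raw), block))

def compare(n: int = 1_000_000):
    """Return (raw estimate, conditioned estimate) for n raw symbols."""
    raw = weak_raw_source(n)
    return mcv_min_entropy(raw), mcv_min_entropy(condition(raw))

if __name__ == "__main__":
    raw_h, cond_h = compare()
    print(f"raw samples:       {raw_h:.3f} bits/symbol")
    print(f"conditioned bytes: {cond_h:.3f} bits/symbol")
```

The raw samples score roughly 0.41 bits per symbol while the conditioned bytes score close to 8, so an estimate taken after conditioning says nothing about the source. To score a real capture, pass the contents of the binary sample file to `mcv_min_entropy`.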

You need to be careful, though, to not over sample from your entropy source and drain it. You need to be aware of how much entropy it can provide and use it appropriately. [* Not sure if I caught this correctly, as what I heard and saw didn't quite sync, and the slide moved away too quickly]

When it comes to reviewing noise source health tests, they need to catch catastrophic errors and reductions in entropy quality. This is your first line of defense against side channel attacks. This may be implemented in software pre-DRBG or built in to the source.

Ideally, these entropy generators could have their own certificate, so that 3rd parties could use someone else's hardware for an entropy source - without having to worry about difficult vendor NDA issues.
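A sketch of what such health tests can look like, added here as an example and not taken from the talk or any product: a repetition count test for a stuck source and an adaptive proportion test for a source whose output has become lopsided, in the style of NIST SP 800-90B. The claimed entropy of 0.4 bits per sample, the false-alarm rate, the window size and the sample data are all assumptions constructed for the demonstration.

```python
import math
import random

ALPHA_BITS = 20   # assumed false-alarm rate per test: alpha = 2**-20
WINDOW = 1024     # assumed adaptive proportion window for binary samples

def rct_cutoff(h):
    """Repetition count: identical samples in a row that trigger a failure."""
    return 1 + math.ceil(ALPHA_BITS / h)

def apt_cutoff(h, window=WINDOW):
    """Adaptive proportion: 1 + smallest k with P(Binomial(window, 2**-h) > k) <= alpha."""
    p, alpha, tail = 2.0 ** -h, 2.0 ** -ALPHA_BITS, 0.0
    for k in range(window, -1, -1):          # tail accumulates P(X >= k)
        log_pmf = (math.lgamma(window + 1) - math.lgamma(k + 1)
                   - math.lgamma(window - k + 1)
                   + k * math.log(p) + (window - k) * math.log1p(-p))
        tail += math.exp(log_pmf)
        if tail > alpha:
            return k + 1
    return 1

def first_failure(samples, h):
    """Stream samples through both tests; return (index, test name) or None."""
    rct_c, apt_c = rct_cutoff(h), apt_cutoff(h)
    last, run, ref, hits = None, 0, None, 0
    for i, s in enumerate(samples):
        run = run + 1 if s == last else 1
        last = s
        if run >= rct_c:
            return i, "RCT"                  # catastrophic: source is stuck
        if i % WINDOW == 0:
            ref, hits = s, 0                 # new window, new reference value
        hits += s == ref
        if hits >= apt_c:
            return i, "APT"                  # one value has become too common
    return None

# Constructed samples: a binary source with P(0) = 0.7, claimed H = 0.4 bits/sample.
rng = random.Random(2014)
healthy = rng.choices((0, 1), weights=(7, 3), k=5000)
stuck = healthy + [0] * 2000                  # source dies and outputs 0 forever
drifting = healthy + ([0] * 9 + [1]) * 300    # 90% zeros, but never a run longer than 9

if __name__ == "__main__":
    print("cutoffs:", rct_cutoff(0.4), apt_cutoff(0.4))
    for name, data in (("healthy", healthy), ("stuck", stuck), ("drifting", drifting)):
        print(name, first_failure(data, 0.4))
```

The stuck source trips the repetition count test within about 50 samples of failing; the drifting source never repeats long enough for that test and is caught only by the adaptive proportion test, in the first full window after the drift begins.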