Friday, October 5, 2012

GHC12: Cybersecurity: Are we there now and where do we need to be in 5 years?

Moderator: Minerva Rodriguez (Raytheon). Panelists: Meg Layton (Symantec), Carrie Gates (CA Labs), Michele Guel (Cisco), Perri Nejib (Lockheed Martin)

Michele Guel has, amazingly, been in the industry for more than 30 years, starting out as a sysadmin - but then, November 2, 1988 happened... The Morris Worm! Suddenly her department saw the need for a security expert!

Meg Layton started out with a Political Science degree... only to find out later that there weren't any jobs for that degree. The first computer she used was the lighting board at her local theater, and she eventually found her way into IT. Her career later took her to Africa, where she realized that you haven't seen a security problem until you've seen the security problems they have in a country that's just gone through a civil war. She switched into security on September 18, 2001 after the Nimda worm was launched.

Dr. Carrie Gates found computers by following music - their department had a nice stereo. While working as a sysadmin, she started working on a part-time PhD. The other sysadmins bragged about how much security knowledge they had, and wanting to have more, she focused her PhD on security :-)

Perri Nejib originally wanted to be a dentist! But, turns out she wasn't a fan of biology, so she changed her focus to engineering - much more fun! Her first internship was with the government, so she was able to get security clearance before she graduated - which led to her first job in the Army, working on circuits for nuclear projectiles. Security was important back then, and more important now.

Dr. Gates is not fond of the word "cyber" - but says it's good for getting funding! (ah, buzzwords) Most of the panelists agree - they just work on security. Some of the panelists are big focus folks, while others are working on research. Ms. Guel laments the great shortage of cyber security talent, encouraging everyone to go and learn more and come apply for security jobs.

Ms. Layton said we're still not "there" - too many teams are not keeping security in mind from the early design process. This is not something we can bolt on later (preaching to the choir, here :-)

Dr. Gates notes that as long as we have adversaries, our work will never be done.

Ms. Guel told us to go look at the Mitnick vs Shimomura attack. That was 20 years ago. Machines are still vulnerable to that attack! Until everyone understands that information on the Internet is forever and that machines are long-lived - we won't be there.

Ms. Guel recently started security classes at her office for non-security people, getting people to be responsible and understand the repercussions. It seems the teams Ms. Layton has encountered suffer from a lack of training in security as well. General goals over the next 5 years - just get people informed!

Ms. Layton encourages us to keep young women (and men) informed about computer security, but keep the message simple: Keep safe, keep telling.

All of these women love their jobs and have such passion; it's clear that there's a lot of work that needs to be done and lots of opportunities in this industry. I know I love working in computer security.

Unfortunately, some of the speakers were not good about staying on mic (they were very animated, so heads kept turning away), so I couldn't hear all of them very well, but overall very interesting.

This post syndicated from Thoughts on security, beer, theater and biking!