Friday, October 5, 2012

GHC12: Cybersecurity: Are we there now and where do we need to be in 5 years?

Moderator: Minerva Rodriguez (Raytheon) Panelists: Meg Layton (Symantec), Carrie Gates (CA Labs), Michele Guel (Cisco),  Perri Nejib (Lockheed Martin)

Michele Guel has, amazingly, been in the industry for more than 30 years, starting out as sysadmin - but then, November 2, 1988 happened... The Morris Worm! Suddenly her department saw the need for a security expert!

Meg Layton started out with a Political Science degree... only to find out later, there weren't any jobs for that degree. Her first computer she used was the lighting board at her local theater and eventually found her way into IT. Eventually her career took her to Africa and realized that you haven't seen a security problem like security problems they have in a country that's just gone through a civil war.  She switched into security on September 18, 2001 after the Nimda worm was launched.

Dr. Carrie Gates found computers by following music - their department had a nice stereo.  While working as a sysadmin, she started working on a part time PhD.  The other sysadmins bragged about how much security knowledge they had, and wanting to have more, she focused her PhD in security :-)

Perri Nejib originally wanted to be a dentist! But, turns out she wasn't a fan of biology, so she changed her focus to engineering - much more fun! Her first internship was with the government, so she was able to get security clearance before she graduated - which led to her first job in the Army, working on circuits for nuclear projectiles. Security was important back then, and more important now.

Dr. Gates is not fond of the word "cyber" - but, says it's good for getting funding! (ah, buzzwords) Most of the panelists agree - they just work on security. Some of the panelists are big focus folks, while others are working on research. Ms Guel laments on the great shortage of cyber security talent, encouraging everyone to go and learn more and come apply for security jobs.

Ms. Layton said we're still not "there" - too many teams are not keeping security in mind from the early design process. This is not something we can bolt on later (preaching to the choir, here :-)

Dr. Gates notes that as long as we adversaries, our work will never be done

Ms. Guel told us to go look at the Mitnick vs Shimamoura attack. That was 20 years ago. Machines are still vulnerable to that attack!  Until everyone understands that information on the Internet is forever and that machines are long lived - we won't be there.

Ms. Guel recently started security classes at her office for non-security people, getting people to be responsible and understand the repercussions. Seems that Ms. Layton's teams she's encountered suffer from lack of training in security as well. General goals over the next 5 years - just get people informed!

Ms. Layton encourages us to keep young women (and men) informed about computer security, but keep the message simple: Keep safe, keep telling.

All of these women love their jobs and have such passion, it's clear that there's a lot of work that needs to be done and lots of opportunities in this industry.  I know I love working in computer security

Unfortunately, some of the speakers were not good about staying on mic (they were very animated, so head kept turning away), so I couldn't hear all of them very well, but overall very interesting.

This post syndicated from Thoughts on security, beer, theater and biking!

GHC12: Securing Our Borders - Are we there yet?

Pamela K. Arya, A-T Solutions, has been actively involved with securing our borders. Some of their biggest concerns are IEDs, which are very cheap to make and deploy but very difficult to detect. These were first seen regularly in Northern Ireland, much less sophisticated than what we're seeing today in Iraq. Old IEDs were triggered with pressure so were often buried in the ground - easier to detect and monitor for. Newer ones can be set on the ground in a busy area and easily remotely detonated. Blocking signals doesn't work, as cell phones will also stop working!
Unfortunately, IEDs have become a part of the war on drugs in Mexico, often in the form of vehicle born IEDs. A-T Solutions will analyze post blast areas to help to determine what type of device was used and also will train local law enforcement about these devices. One of the best defenses against these attacks is still a dog - very difficult to trick a dog that's been well trained.

These types of devices also turn up in booby trapped homes, so there is special training for that as well. On the ground in Iraq, they've found that former farmers or other rural people can be better trained to find these IED devices. The theory is that by having a rural up bringing, these people are not used to tuning out noise or details that city dwellers need to do.

Her slides included images of post blast scenes and task forces that really bring home how real this problem is.

Laura McLay, Virginia Commonwealth University, has been working on aviation security and optimization, particularly focused on protecting nuclear material. Looking at aviation security, the first obvious thing we think of: hijackings! These have been a problem since the 1940s, with domestic hijackings peaking in the 1970s.   In response to a possible terrorist related plane crash (ended up just being an accident), Al Gore sponsored a bill creating CAPPS: Computer-Aided Passenger Prescreening System. 1998-2001, only selectee baggage was scanned. This worked well.

These machines that scan checked luggage weigh tons, take years to make and were only made by two companies, so after September 11, 2001 when all bags needed to be scanned - airport lobby floors had to be reinforced and two companies were very busy for awhile.

When a new device is being tested, it typically starts out in just four airports - and it's difficult (if not impossible) to keep those four airports a secret, so other methods need to be deployed.

Random screening doesn't seem to be an effective way to deter actual threats and thoroughly screening all passengers is not feasible, so more research needs to be done in this area to optimize this.

Susan Wilson, Cyber and DHS Solutions Operating Unit/Northrop Grumman Information Systems, Border Patrol Goals and Challenges. The Mexican border threats is well understood, but now we're having to watch the Canadian border more and the old  methods won't work with the layout of the land we have in the north.

If you're trying to protect with something obvious, like a wall, it's easier for people to come up with ways to work around it. The more hidden and subtle your border control is, the more effective it can be - but only combined with rapid response.  More agile solutions that can stay one step ahead are optimal.

One threat they actually see: balloons! So, watching the ground alone is not sufficient.

They would like to leverage open standards based components to integrate field-proven detection and assessment devices with a good user interface!

Questions for this panel ranged from how are environmental impacts considered (separate consulting firms all come together on the final solutions for border control), speed of screening at airports (focusing on doing this but maintaining security - not there, yet), agencies working together (there is just not enough funding for everyone to have all of this amazing equipment), to serving your country by protecting the borders.


Seniha EsenYuksel, University of Florida, was unable to present today due to a family emergency, but her slides will be included on the Grace Hopper Wiki.

This panel was moderated by Wendy Rannenberg.


This post syndicated from Thoughts on security, beer, theater and biking!

GHC12: Anita Borg Social Impact Award Winner: Cathi Rodgveller

This year's winner of the Anita Borg Social Impact is Cathi Rodgveller, founder of IGNITE (Inspiring Girls Now in Technology Evolution) Worldwide , she has impacted the lives of more than 18,000 women - and inspired many of us here today!

We had a wonderfully intimate session  - a great way to spend some time with an amazing woman! Her presentation was short and sweet, giving us enough background to fuel the fire for questions - and I discovered that this entire room was full of interesting women doing great work to inspire and mentor young women in technology careers.

Ms. Rodgveller started IGNITE on a Sex Equity grant 14 years ago in Seattle. She makes sure that the group stays lively and accessible by holding an event at least once a week. There are over 30 active chapters in Washington alone - and more across the globe! Ghana opened a chapter 5 years ago, and Legos, Nigeria has over 20 chapters - some of them the first programs in the area for girls.

She is tired of hearing schools saying that this outreach is not a priority, so if anyone can help set up this program for middle school or high school near you, she knows that the teachers would appreciate it. Ms. Rodgveller has been running this program herself for 14 years, and is willing to mentor anyone who can help start a chapter.  As a woman in industry, you can volunteer as little as 90 minutes for one event once a year.

We were fortunate to have one of the very first girls that went through the program at Nathan Hill High School in Seattle.  This girl, now a woman, said she originally wanted to be a veterinarian and considered herself totally technically unskilled. This long ago workshop inspired her to learn more and take a few computer science classes in college, and now she's about to finish her PhD at USC! It's amazing what an impact a few events could have on a young woman's life. Truly inspiring!

She encourages these events to be about stories, not lectures. Her book covers how to do this for each age and is geared towards teachers, using teaching models they are already familiar with. The program can be very inexpensive - merely the cost of a bus and a substitute teacher. It's designed to be cheap and easy.

If you're a woman in industry who wants to help? You can meet with a representative from the school to help get them started up and get them connected with IGNITE.

Ms. Rodgveller needs you - can you helps start up a local branch? You can learn how to do this yourself with the IGNITE Toolkit.

This post syndicated from Thoughts on security, beer, theater and biking!

GHC12: The Internet Enables All the Worlds Hackers to Attack Your Computers 24/7. Are we secure enough yet?

Susan Lincke (University of Wisconsin),starts out with the question: Are we secure enough, yet? Looking at all of the attack reports on the news - NO! If the big companies can't get it right, what are the chances for the little companies doing it correctly?

Dr. Lincke got a grant from the NSF to create a security workbook. A security how-to with goals that non-professionsals can easily use it. It covers things like code of ethics, risk assessment and how to protect this data. It's a workbook, so a lot of the items are skeletons that you need to fill in for your specific needs and gives you a method for calculating expected loss for all of these risks.

The workbook also introduces concepts like recovery time (interruption window, service delivery objective, and maximum tolerable outage) and terms (recovery point objective and recovery time objective).

It also helps with security classification guidelines for the data, like what type of stuff should be confidential? In a medical office, that would be data covered by HIPPA, for example.

The workbook covers concepts like network security and helps people define which services and data can leave the local network. The same concepts can then be applied to the physical security map - like, which rooms can a patient walk around unmonitored?

All of this requires an incident response plan - what to do if you get a virus? What lessons can you use going forward to prevent future infections or attacks.

I think this is a great idea - I think about a small dental office, which does need to protect patient data, but probably haven't considered this because the concepts are foreign to them and seemed too difficult to begin to approach.

This post syndicated from Thoughts on security, beer, theater and biking!

GHC12: Security and the Cloud

Susan B. Cole, Exceptional Software Strategies, Inc. started out with a great explanation of what exactly the cloud is and what goes into it (data, mostly). Advantages of the cloud? On demand self-service, broad network access, resource pooling, rapid elasticity and measured service.

Cloud is important - you're probably using it even if you don't realize it. Things like Dropbox and Google Docs are all cloud services. (note: I LOVE Google Docs! Being able o have multiple people modify a spreadsheet without emailing back and forth large files and constantly changing the name to add versioning is so nice!)

The problem, though, is a lot of people end up creating their own clouds out of necessity, but do not consider security - so, it's good to use large providers who have this built into their solutions already.

A big benefit of cloud: money savings. For example, the city of LA saved $1.1 Million per year by switching to Google Mail and Google Docs.

But, before you move to the cloud, make sure security and confidentiality are covered and get this is in writing! Service level agreements and contracts are required. You will no longer be in control of your data.  Look out for different tenants using the same instance of service but unaware of strength of the other's security controls, most SLAs do not have security guarantees, and once you're on the cloud, you are open to the world's hackers.

Ask where your data is? If your company is in Maryland, but your data ends up in California you need to be aware about California laws on data protection, as your local state laws will unlikely apply.

Can you get auditing from your cloud provider? HIPPA and PCI help with medical and financial cloud providers, but you need to even check those to make sure they are in compliance.

While you can do penetration testing on your own network, you can't do this against your cloud provider - the provider won't be able to  distinguish your test from a real attack and... what if it works and then you take down another tenant?  You need to get your provider to do regular security assessments and you'll have to ask for the reports.

 If the provider cannot or will not provide this data? You shouldn't use them!

Does your cloud provider encrypt the data between their network and yours?

You need to be in charge of asking these questions to protect your data - meet with your cloud provider regularly!

This post syndicated from Thoughts on security, beer, theater and biking!

GHC12: Leadership Workshop: Office Politics for People Who Don’t Like Politics

I always love every single Jo Miller, Women's Leadership Coaching, workshop so was so thrilled when I heard she was coming back to Grace Hopper Celebration of Women in Computing again this year!

The emerging leader's quandary: How do you get to that higher level position that requires more leadership experience than you have - but you can't get the leadership experience without the position?  A challenging question many of us have faced in the past - not just with leadership, either! Jo hopes to give us all skills that will help us become better leaders without necessarily leading a team.

Office politics - nobody likes playing this game, at least nobody in this room. But, would you be willing to join the game if it will get you the promotions and projects that you want to work on?  Could this be a skill, and not just an annoyance. "avoiding (office) politics altogether can be deadly for your career" - Erin Burt

Jo proposes that there is a way to navigate office politics in a way that is both ethical and advantageous for your teams.

Hard work alone won't get you recognized. So, work less :-)  Not exactly, but if you're always so heads down with working and never letting anyone know what you're doing.

"Get out of your in-box!" - Barbara Gee.  Get out and talk to people! Step away from the terminal..

Lets stop calling it office politics - such negative connotations. What about Organizational Awareness?  What does that mean? Being a savvy observer of the communication and relationships that surround you in your organization.

This isn't just about looking at the org chart - it doesn't tell you everything, like, who are the thought leaders, who gets things done, who's been over-promoted and are actually ineffective?   You need to find people that can happily help you get things done - the Shadow Organization. This isn't what HR knows, it's what you know.

Jo had us put together a chart of those people that we work with most frequently, adding solid lines for people that work well together and dashed lines for those that don't work work well together, adding arrows to show how influence flows. Once that is all done, we drew circles around coalitions - people that work well together. Once this was all on paper, we could better think about things, like how did those coalitions form?  Is one person excluded from all coalitions and perhaps everything?  Doing this will help you to gain perspective on your team

The final piece of this shadow organization is the verticals: people who are getting mentored and sponsored by their manager and passing this up. Like a ladder.

Doing this myself, I realized that my "shadow organization" includes many people that are not in my direct org.

Highlights of the Shadow Organization:
  • Relationships
  • Influence
  • Coalitions
  • Key Influences
  • Verticals
After a group discussion, a couple of questions came up about people in their organizations who are separated from everyone due to something they did many years ago. Jo recommended really focusing over the next few months on rebranding themselves - keeping all work and communications positive to help overcome past mistakes.

How can we gather information to help map the shadow organizations?  Can you do this via face-to-face interactions? What about virtual teams?  A few audience suggestions included organizing "friendship lunches" where you just reach out to people in your organization and field of influence on a casual basis, don't open your laptop in a meeting - connect instead, invite people to coffee (and see who else is having coffee together), and never miss a happy hour :-)  For virtual teams, site visits and video calls, even if just occasionally, should be done, in addition to talking on the phone.

Sophie Vandebroek, CTO of Xerox, once told Jo: "It's not enough to have a bright technical idea. I have seen too many projects led by great, passionate people fail because they tried to be the lone influencer." Can we have stronger teams and more successful projects by building more relationships and coalitions? It sounds like it!

Every organization and every team has unwritten, unspoken "Rules of the Game". It's unlikely that anyone is going to tell you about it - but you can probably ask.  For example, in some teams, no work should start until consensus is reached - while in others, act now and ask questions later is the rule. To be successful - learn these rules in your org.

There are five ways to generate quick wins in office politics:
  • In every organization, there is some who is great at navigating office politics - find them and ask them how they do it!
    • They navigate well at all levels
    • They are the keeper of the "institutional memory"
    • They are good at reading people
  •  Build and influential coalition
    • It can be quicker and easier to get great things done from the grass-roots
    • Be an advocate for others, support stuff that's important to them
  • Don't like the unwritten, unspoken "rules of the game" - become a game changer!
    • If you don't like them, you're probably not alone! This is where you can get those other like minded individuals to  help you to do so.
      • For example, you can't make the late night "happy hours" in bars because you have to pick up your kids, or have other obligations - can you create a new social event that happens during normal work hours?
  • Manage Upward
    • Leading your leaders is easier than you think... 
      • Think and act like an executive
      • Understand their most important goals, their challenges, and how they make decisions.
      • Remember - you're the expert in what you do, don't be deferential.
      • Always have a talking point ready
        • Executives have to make decisions quickly, be prepared to talk to them if you see them in the hall, in between meetings etc.
  • Enlist senior-level sponsors and adocates
    • These aren't mentors, but sponsors - someone that's going to promote and be an advocate for you. Someone who will argue your case behind closed doors.
 Again, sponsorship has come up. This seems to be so important. When looking for a sponsor, you want to find someone that is a senior leader with influence, well-respected and credible, familiar with your strengths, has a track record of developing talent, provides exposure and provides cover when you're under attack. Getting sponsors outside of your immediate organization is a good thing, too!

How do you get a sponsor? Turns out, you don't just go out and get one - you have to earn one, cultivate it. You can do this by outperforming, making your value visible, observe the protocols, and network across your organization. You can do a lot of these things by looking for projects and exposure opportunities working with or for senior leaders.

None of this will work, though, if you don't have clarity about your own career goals!  You have to know what you want to do or where you want to go, and make sure that these senior level people in your shadow organization are aware of those goals.

You can find the full slides on Jo's site.

This post syndicated from Thoughts on security, beer, theater and biking!

GHC12: Keynote, Anita Jones, Another Perspective

Anita K. Jones, is a University Professor Ermerita at the University of Virginia and a Professor of Computer Science in the School of Engineering and Applied Science, and was sworn in as the Director of Defense Research and Engineering for the U.S. Department of Defense in June 1993.

Dr. Jones was the keynote speaker at the very first Grace Hopper Celebration in 1994! I wasn't at that first event, so how cool to get o see her now - a woman that has a seamount in the ocean after her!

Dr. Jones starts by looking at the conference theme: Are we there yet?

Analyzing this phrase, we need to think about the we - many great things are done together, so it's important who you associate yourself with.

Today, there are 2 times more jobs in IT than all other engineering disciplines combined. In the near future, there will be 4 times as many - an ever growing field, more people to surround yourself with :-)

Electrification of rural America in the 50s, better sanitation practice and better access to water revolutionized America and nearly doubled our life expectancies. Can there be a software revolution with that much impact?

Dr. Jones believes it's happening. The spread of the Internet, the ability to visualize organisms and galaxies, all the way to just-in-time delivery enabled by RFID tracking devices.

We're now connecting with one another in ways we never thought imaginable: there are 5 billion cellphones in the world, and only 7 billion people! We have Facebook, twitter, Google+ (and Google in general), LinkedIn, etc - where we can connect with each other, keep in touch, meet new people. Something unheard of just 20 years ago.

Yes, I did make new friends on a BBS nearly 20 years ago, and I'm sure some of you met folks through your MUDD or CompuServe chat room - but we were the very few, the Internet elite.

If you want to revolutionize the world, do research - but pick a new topic, look for new ways to  help the world. It's always easier to write the first thesis on a topic, as opposed to the 20th.  Dr. Jones jokingly said she'd like us to do research into making it possible to order really nice shoes that fit your feet perfectly.

This years revolution? Massive open online courses.While not the same as a university offered curriculum, it's getting there. Harvard and other big universities are funding these courses.

These can't be really successful until three is automated grading, individualized assistance and a way to motivate the students to finish. Let's do research in these areas - we can revolutionize education!

Revolutions can be hard: For example, the Air Force was against pilotless planes, because who are the top guys in the Air Force? Why, pilots of course - they didn't like the idea of these drones because it took pilots out of the picture. But these drones can do things pilots can't - fly for 40+ hours, no need for a cockpit, loaded with sensors and cameras and without risking the lives of pilots.  The Air Force still wasn't interested, until the Army tried to order some. The air, though, is the domain of the Air Force - and they didn't want to give that up to the Army :-)

Technology can revolutionize all sorts of industries. Being a computer scientist and information technologist means you can steer the revolution. We can make the difference!

This post syndicated from Thoughts on security, beer, theater and biking!

GHC12: Plenary Session: Technology in Governemnt, Another perspective

Moderator: Dr. Francine Berman (Rensselaer Polytechnic Institute) Panelists: Andrea Norris (National Institutes of Health), Debora A. Plunkett (National Security Agency), Dr. Laura Stubbs (Department of Defense), Farnam Jahanian (National Science Foundation)

Dr. Jahanian stressed how important computer security, networking and robustness were to the government and will be areas of investment for the US Government in the coming years.

Ms. Norris emphasized how important things like the Human Genome project were - you can now buy a DNA sequencer for less than a $1000 thanks to that project. She encouraged research on bringing drugs to market faster (currently it takes an average of 13 years from beginning research to consumer).  Already, targeted cancer treatments

Ms. Plunkett mentioned that the NSA faces some of the toughest problems - providing information assurance to the entire country. Information assurance is a national priority, but is under attack as there are many entities out there that would like to have access to the US Government's secrets. New technologies are enabling greater access for employees with great mobility, but it does increase the attack vector.

Dr. Stubbs' said they have growing jobs at the DoD in the areas of cyber science and technology, engineered resilient systems, counter weapons of mass destruction and research around remotely piloted aircraft (you know.. drones!)

All of the panelists did a great job of explaining all of the fun ways you can use your technology degree in the government, quickly answering questions about getting started (you can do as little as a summer internship, a 3 year assignment at the NSF or make a life time career out of it). Check it out yourself at USAJobs.gov!

This post syndicated from Thoughts on security, beer, theater and biking!

Thursday, October 4, 2012

GHC12: SRC Poster Competition: Graduate - Round 2

In this session semifinalist graduate students from the Wednesday night poster session are each given 15 minutes to present their work.

Jaya Kawale, University of Minnesota, presented on teleconnetions in climate data. I got to learn about dipoles that represented different classes of teleconnections characterized by anomalies. These are important, as they can cause temperature and precipitation anomalies throughout the globe. These anomalies can lead to droughts or monsoons, being able to predict them can help people better prepare for severe weather.

Kawale's research found that these weather anomalies had a partner event, so her research worked on correlating that and clustering the data.  By using automatic dipole discovery, most dipoles have been discovered and new ones are found quickly.  This data can also help with quantifying impact on land temperature.

Awalin Sopan, University of Maryland , started her presentation with a story about a series of crimes in a community. Where the police did not see the pattern, neighbors communicating online discovered the pattern and the crime was solved. This became Nation of Neighbors, a very successful way for neighbors to track crime in their own community.  Her team worked with them, along with social scientists, to find out what constitutes a successful community, classified by their tool ManyNets.  The tool itself is generic - it analyzes networks.

All communities have a lot of invitations, but successful ones had more reports. People tended to want to report things anonymously - but then how can you identify the top influencers?  They did it by looking at just basic activity.

More leaders in a community resulted in a more active and more beneficial community. Interestingly, very few of the leaders had anything to do with law enforcement, just concerned citizens that took on this role voluntarily.

Unfortunately, the researchers were unable to determine if the community became more safe or not after participation (no access to the data). Though, by participating, neighbors felt more safe.

Zalia Shams, Virginia Tech, presented her research on cross-testing. A pretty ingenious concept - when a CS class has an assignement, the TA needs to submit test programs to run against the programs, but then they also had the students submit their own test cases. Of course, most students will pass their own test cases, but then they would run other student's tests against another student's code - a great way to find bugs! (personal note: I always think that tests are better if someone else writes them. When you write your own tests, you'll miss your blind spots).

This isn't as simple as it sounds. Depending on the program, the test cases may need to be built against the submission, which lead to lots of compile errors. The researcher used late binding to work around this.

Just like in the real world, students weren't very excited about writing lots of test cases for their own project, but did like the idea of their tests cases being used against other students programs.  In one of their tests, they found that 0 submissions passed 100% of the tests. They had removed tests that were testing things that were outside of the scope of the assignment.

This is like crowd sourcing your tests. A fascinating idea, but unlikely to work outside of a university setting where you're forced to write many test cases :-)  But, I think this is a great idea to teach robust programming, and I do wonder how we could apply this to the industry.

This was all based on extending Web-CAT.

This post syndicated from Thoughts on security, beer, theater and biking!

GHC12: From Engineer to Executive: The Path Forward

Susan Zwinger, Oracle, is building upon Nora Denzel's keynote - here to talk about people.

Who is Sue? Well, she's an engineering VP at Oracle, but she's also a wife, a mother of two, daughter and frequent traveler.

Ms Zwinger didn't start out thinking she'd become a VP, with her degree in statistics. She started out as a software engineer, but quickly became bored and took a job designing a kernel internals course - where she got to travel all over the world to give the class.  She was hooked on the travel bug after that and looked for jobs that let her do that!

You want to choose a career that you can grow in, will increase your job satisfaction and improve your satisfaction. But, you need to figure out what your strengths and weaknesses are - and this changes as you grow.

You want to plan your career instead of just react - but that's not always possible. Ms. Zwinger's first husband committed suicide when their daughter was only a year old.  Initially feeling like everything was over, she picked up everything and moved to Tokyo. It taught her that she was strong and could find her way out of the worst circumstances imaginable.

Best ways to start planning? Figure out who you are - take a Myers Briggs test and do a 360 degree review (includes self review, peer rating, direct report rating, supervisor rating).
  •  Myers Briggs test
  • 360 degree review (includes self review, peer rating, direct report rating, supervisor rating)
    • Her own 360 taught her that she's great at results and leading her team through change, her reports loved her - but her peers did not.  She has problems with people skills, leaving "bodies in her path". Something to work on! 
  • FIRO-B  -  Fundamental Interpersonal relations Orientation-Behavior. 
    • She learned from tis that she had a need for control (which she knew) but also had a big need for affection (surprise!)
  • Coaches
    • People that will tell you the truth about yourself!
    • Sun paired her up with executive coach Steve Josephs
      • Taught her to respect everyone - sincerely, not just going through the motions.
      • when things are getting stressful or out of control, take a deep and slow breath.
  • The Leadership Derailer helps leaders find which weaknesses require improvement to succeed?
  • Management Skills Inventory
  • Books: Think Positive, Lou Tice
    • For Ms. Zwinger, this was applied to a simple thing: think about the positive parts of not biting her nails. Her fingers felt better. Focusing on that simple positive thought, she broke her long time bad habit.
  • Inspiring person: Think Olympian, Marilyn King
    • Injured for 9 months and could not practice for the decathlon, but thought through her training. Spent every day thinking about and watching the event. She ended up placing second in the trials.
A great and inspiring a talk, very relevant for me given my recent job change into management!

This post syndicated from Thoughts on security, beer, theater and biking!

GHC12: SRC Poster Competition: Undergraduate – Round Two

In this session semifinalist undergraduate students from the Wednesday night poster session are each given 15 minutes to present their work.

The first presentation was on Digital Organisms, a topic I had never heard about before!  Mairin Chesney, The student, whose name I missed, was from Michigan State. She was focusing on host and parasite organisms, along with sexual recombination. I have to admit, this was a bit difficult to wrap my head around, though the videos of a organism growing and being attacked by a parasite were quite fascinating. She also shared some stories from the research about these organisms learning things - like "playing dead" in an attack scenario.

The next presenter was Jillian Kramer, Villanova University, talking about her work on mobile technology and efficiency. For example, what's faster? Starting an app to read a QR code to get to a webpage, or just opening a browser window and tying in the URL? Her research assumed there was an expert user and the phone was already unlocked. The most efficient method for accessing a link? Clicking on a link in email, next fastest was QR code, finally - good old fashioned typing was the slowest.

Kaleigh Clary, Hendrix College, researched for a superior method for handwriting recognition by a machine. Part of her research had to do with teaching a machine to learn handwriting, using a lot of interesting algorithms She compared Self-Organized Maps with Growing Neural Gas Network, finding that GNG was the best.

This post syndicated from Thoughts on security, beer, theater and biking!

GHC12: Leveraging Mobile and Internet Technology to Improve Women's Lives in the Developing World

Ann Mei Chang (US Department of State), started out by telling us what we know: technology is important! While only about 30% of the world population are online, there is great gender disparity in  developing countries (20% fewer women have access to mobile technology).

In the US, men and women have relatively equal access to Facebook, but in Egypt/Africa, only 37% of the Facebook users are female. In Afghanistan, it's only 16%.

This is disturbing, because it's been shown that having access to technology increases individual's abilities to earn money and move their household (and eventually their country) forward.

Mobile apps can bring a lot of technology to individuals, like basic health information, government information, education, access markets so you that you can find out the price of goods, etc.

More apps are becoming available every day, but they are not widely used. There are many issues for this adoption, though, including that only 50% of the rural population has any type of cell coverage. This is also much more expensive in  places like Africa (both in real dollars and compared with their income). In the US, a mobile Internet connection costs about 1.5% of your monthly income - in Africa, it's 300% of their monthly income!

For women in particular, this can be worse, as their husbands/brothers/fathers are not allowing the women in their lives to even have access to mobile phones. The men in these countries believe the only reason a woman would want a phone is to have an affair, which is, 1) pretty ridiculous 2) extremely unlikely the reason why they'd want a phone. (Can you imagine telling a man that the only reason to have a phone was to have an affair? opinion mine)

Another barrier to entry is the types of phones available in these developing countries - remember feature phones? You know, pre-smartphone? (Okay, my husband is still using his ;-) You probably didn't use very many applications, and the ones that you used were probably SMS based. Those types of phones that many of us consider outdated are state of the art in other countries.

Ms Chang recommends trying to leverage existing technology and apps - already have recognition and people have access to it. Don't try to rebuild the wheel - too difficult to maintain.

She recommends designing applications for women's needs and priorities, working with intermediaries to help with access and literacy barriers, be open to a non-technical solution, and be aware of maintenance plans from the start.

Ms. Chang likes the idea of a technology career for women in developing countries, because of the flexibility of the hours and the fact that it's a new and emerging field, not male dominated (yet).

This post syndicated from Thoughts on security, beer, theater and biking!

GHC12: Welcome and Keynote

An exciting official welcome to the conference from Telle Witney - attendance at this year's conference is up from 23% from last year, has over 1500 students, and attendees from over 42 countries!

Nora Denzel, Technical Executive and Corporate Board Member, has a long list of great tech companies that she's been involved with, either as a board member or as a technical executive. She has also recently started "Mentoring Walks" - a way to mentor and get exercise at the same time Probably healthier than "Mentoring at Classic Gelato" :-)

Ms. Denzel took us down a fun walk down memory lane with great stories about programming on the TRS80: programs were stored on cassette (quality controlled by volume setting), you were allowed one array, two strings and 27 numerics, and worst of all - everything was in upper case only. :-)

Now, why upper case only?  Because it saved $5 off of the manufacturing cost of each machine.  Sounds silly nowadays, but those are the types of design compromises many of us will be asked to make in our career. Sure, you may not be making the best machine or software component you could - but it will be affordable by your users and available in a timely fashion.

Ms. Denzel could not believe her luck when she found out that it was possible to get paid to write code :-)

After a few years, she worked her way into meeting with customers, doing technical marketing and eventually a technical manager at IBM.  She left IBM when they wanted to transfer her to upstate New York. After having lived in California, she couldn't bear the thought of doing a winter in New York.

Women make up about 50% of the professional workforce, but only 25% of all computing jobs - down from 30% about a decade ago.  Fewer women are graduating with computing degrees, and even when they do get them, they don't stay in the field.

Ms. Denzel is asking all of us to work on recruiting more women into tech and help keeping them here. This matters, because gender diverse teams make better decisions - which means we can have better products.  Men and women approach problems differently - by working together, we can come up with more creative solutions.

For example, older dictation machines were designed by men and tested by men, but they did not work with the female voice - so they were not successful. Similarly, with airbags - the initial deployments were actually dangerous for women and children.

Rules for longevity in technology:
  • Your attitude.
    • Her dad told her, "Your attitude is like a flat tire, if you don't change it, you're not going anywhere".
    • Ms. Denzel realized  she didn't have a career path - but a career obstacle course. She had to change her attitude: these problems weren't happening to her, but for her.
  •  For longevity, you need to be very comfortable with being uncomfortable.
    • Don't be afraid of vertical learning curves.
  • Act as if...
    • Act as if you're confident. Act as if you're a good speaker. Act like that.
    • It's easier to act your way into a new way of thinking, rather than think way into a new way of thinking. Stay out of your head.
  • Control your career PR agent
    • That's you!
    • Sometimes our own personal "press releases are ... too long! Or... too much!
      • For example, Ms Denzel once, as an executive, congratulated a woman on a great technical talk. The woman then went through a laundry list of mistakes she had actually made, complained about how she was tired and not at her best, etc. Pointing out her own shortcomings and mistakes - where she should've just said, "Thank you".
  • It takes a village
    • Make sure you have a network that you can nurture.
    • It's not what you know, or who you know - but who knows what you know.
Tips for recruiting:
  • You can wear what you want
  • You get free food
  • You get SWAG
  • You have the chance to change the world
Lots of great things to think about! The "Act as if" reminds me of a great book I read, Leadership Presence. I've been using that for a few years, and it really does help.

You can find the more accurately captured quotes and citations at Nora's site.

This post syndicated from Thoughts on security, beer, theater and biking!

Wednesday, October 3, 2012

GHC12: New Investigators - Mobile Devices

Moderators: Gilda Garreton (Oracle), Rachel Pottinger (University of British Columbia)

 On User Privacy in Personalized Mobile Services

 Michaela Goetz, Twitter, presented her GHC12 Award Winning paper,

Ms. Goetz's paper covered her research on how to best target advertising without compromising user privacy - tricky if you want to find out which advertising is working and to target advertising appropriately.

Her research included a method for doing this without requiring a trusted third party server, which involves doing counts by including noise terms - enough to protect the privacy without statistically impacting the overall counts.

It's nice to allow the users to set their own personal context for what is sensitive or not: for example, going to the hospital to see a relative would be very private, but walking the dog may not be so. While it's nice for the advertisers to learn what is sensitive or not, but even then they could learn more about the user than desired.

Understanding How Children Use Touchscreens

Presented by Quincy Brown, Assistant Professor, Bowie State University.

This is an important topic, as millions of these devices are being sold. Kids love these touch screen products, but they are not designed with little fingers and skill sets.  Children have trouble with things like dragging - the concept of maintaining contact to drag was surprisingly challenging.

Dr. Brown's research covered adults as well, on several different devices. In one of the experiments, they measured success based on target size (area size you could touch in order to get the desired action) and gesture interaction (how they could do things like drawing letters or symbols). Children miss the targets twice as often as adults and found (unsurprisingly) that larger targets were easier for the children to find.

The researches discovered a new phenomenon: holdovers! When the application was "too slow" to respond so the user wasn't sure if they had hit the target or not, they would repeat their action. 96% of the "holdovers" came from children.

Kids gestures were also different - they lifted their fingers more often. For example, to draw a square, children frequently drew 4 independent lines, whereas adults never lifted their finger, just turning their finger to make the shape. This causes problems for the touch device - it doesn't recognize four lines that overlap at the corners as a "square".

This post syndicated from Thoughts on security, beer, theater and biking!