Women in IT Security: Women to watch

Kat Calvin, tech entrepreneur, co-founder of Black Girls Hack/Blerdology, Michelle in Training, UpliftTECH

When Kat Calvin discovers a problem, a solution can't be far behind.

Not one to sit around and simply discuss an issue to death, Calvin prides herself on taking action. The latest venture from the co-founder of Blerdology, is aimed at helping organizations connect with Blacks and Hispanics already in STEM fields. 

Her initial goal, she says, was to encourage more minorities to get into STEM before she realized they were already there and just needed to be showcased to encourage young people, especially girls. “When they don't see women in STEM, blacks in STEM, children don't think they can do it,” she explains.

She is bringing the same passion to the effort, UpliftTECH, as she brought to Blerdology, created after she discovered that African-Americans, particularly black women, were under-represented in the tech industry. The group began to host hackathons, including Black Girls Hack – to spotlight tech startups – starting with an inaugural event in Atlanta. Blerdology, a riff on the phrase black nerds, or blerds, co-hosted a #BlackHack Hollywood hackathon at the forward-thinking SXSW festival in Austin before Calvin had to shutter it while battling a health issue.

A long-time advocate for getting women and minorities on equal footing in the workplace, particularly in tech, Calvin noticed the disparity earlier on – in her first year of college – between those students who came from professional or enriched households.

“It became incredibly obvious to me, first-generation college students have abysmally low graduation rates,” says Calvin, who is the fourth generation of women in her own family to go to college. “They hit a glass wall and don't understand why they're not succeeding.” – TR

Justine Young Gottshall, partner, Information Law Group

Justine Young Gottshall has extensive experience in privacy matters. She is currently working with a Silicon Valley client to create and implement a company-wide data security compliance program, and is working with many other clients on various components of these types of projects as well. 

Privacy and security issues around the collection, storage and use of consumer data continue to raise unique and important consumer protection issues, as well as being a fundamental element of corporate risk management, Gottshall says. "We are consistently addressing the issue of expected versus unexpected use of consumer information, the application of existing standards and regulation to new technologies and business practices, and implementing privacy by design as our clients develop new technologies and products that collect or use consumer data." 

Although she does not have an IT background, as a lawyer she says she works hard to understand the technology her clients are creating, licensing and using, which she finds fascinating. Recently, she wrote about FTC efforts to define the Internet of Things (IoT) for any company operating online. Specifically, she focused on security and privacy risks to consumers these devices pose.

As far as women advancing, she says many women are attaining their goals. "But there is always room for more."  

IT security, particularly privacy and data security, are exciting, dynamic fields for Gottshall. "I have the opportunity to work with innovative products and people," she says. "The work, technology and the issues are constantly changing. It is challenging but fun. And I would encourage anyone considering a career in IT security – whether on the engineering, business or legal side – to dive in. – GM

Mary Landesman, senior data scientist, Norse

Mary Landesman has worked in the security industry for more than two decades. She's been an expert source on such issues as web infections, malicious webmail scripts, brute-force attacks, detection capabilities and SMS spam at numerous conferences and summits. As well, she has published security-focused articles in a wide range of publications.

An early pioneer in the use of data analysis techniques for cyber threat intelligence, as senior data scientist at Norse – a provider of live attack intelligence – she is charged with detecting and analyzing cyber threats and developing effective prevention methods. Her probes reach deep into the darknet so as to help organizations detect and block attacks. She explains that she is developing methods to contextualize event data for a more human-consumable threat response system.

At Norse, she says, her team has a unique ability to gather data from all over the globe. "Our intelligence-gathering network is designed to attract attacks and emulates thousands of applications, so we see a vast number of attacks – basically taking the hit so our customers don't have to."

They're gleaning all sorts of interesting data from those attacks, such as the most attacked software, when certain threats are gaining in popularity, and so forth, she explains. They then we make this processed intelligence available to customers so they can protect themselves before the attacks happen to them.

"Probably the most interesting thing we're doing is using our global network of sensors to listen for malicious traffic and indicators of compromise from our customer's – and their partner's – networks. We call it the Norse Intelligence Service, and it's basically an early warning system for networks."

So often people take their laptops home or to another insecure network, the work laptop gets infected with malware or a bot of some sort, and then the employee brings the laptop back to work where it infects the rest of the network. As the malware or bot tries to talk back to its command-and-control system, Norse sensors see it, and can let the customer know immediately that they have a problem. It's a new way of looking at an old problem, she says.

As a woman in a traditionally male-dominated field, the obstacles she's faced were the same obstacles everyone faces when pursuing any demanding career - juggling family and work, trying to achieve the right balance of both. "Additionally," she says, "computer security is a very dynamic field where threats are constantly changing and so our skill sets must constantly evolve as well. It's not enough to just keep up, it requires anticipating and staying ahead of the changes. This is very challenging at times, but it's also a big part of what makes working in IT security so exciting."

The security industry offers a wide range of opportunities, she says, and the women she knows seem to have taken full advantage of those. "I worry, however, that younger women may not be aware of the many types of roles that are available and may be turned off by the stereotypes that persist despite the reality."

She considers herself extremely fortunate that at her very first job in the security industry, there were a lot of women in strong technical roles. As a result, she says, she was pretty far into her career before she realized that wasn't the norm. "In my current role, I am once again working with a lot of women in strong technical roles. This time around, 20 years after the first, I recognize what a rarity it is!" – GM

Jewel Timpe, senior manager for threat research, HP

Jewel Timpe is the senior manager for threat research with Hewlett-Packard Security Research (HPSR). In this role, she oversees the teams orchestrating threat research strategies, particularly in malware and information security research. As well, she directs HP's Zero-Day Initiative (ZDI) program, which provides zero-day research to mitigate weaknesses in the world's most popular software.

"Over the past 10 years the program has focused on enterprise-class software, identifying vulnerabilities before they are used in the wild and coordinating disclosure with affected vendors to create patches," she says.

A major initiative of her work in all her endeavors is to get the word out about sharing data intelligence. At last year's RSA Conference, for example, she spoke on vulnerability disclosures so as not to fall victim to exploits that already have been patched elesewhere.

"I have been very fortunate in my IT security career, with few barriers to overcome," she says. Most challenges have not been gender-related, but rather interpersonal relationships and playing the game. "I struggle with the notion that some manage the perception of their contributions better than others and are rewarded for it rather than actually delivering a body of work. I have not found this to be unique to IT security."

She sees more women attaining their goals in this field but can't for certain say why. "Is it because they are finally being recognized as equally competent or because there are simply more women in the field today than when I started?"

She says she knows a lot of women in the field who are brilliant and are in positions of leadership. But, also acknowledges that a fair number of women have left security for varying reasons. "The thing here is that there is a huge talent gap in the number of open positions and the number of qualified candidates across the board."

But this just means there is huge opportunity for all who enter this industry, she says. – GM

Yan Zhu, software engineer, Yahoo

“I'm really happy to be one of the people at Yahoo thinking of encrypting mail,” says Yan Zhu.

Indeed, the software engineer notes, “We're pretty devoted to encryption for email so Yahoo servers cannot read your email.”

That mission has led to a partnership of sorts with Google, which took the lead with its End-to-End tool, a Chrome extension first released in alpha last year and aimed, as the name implies, at providing encryption for email – from the time it leaves a user's browser until a recipient decrypts it. “Google took the lead and we're working from their work,” says Zhu, who explains that if the two large mail providers can ensure that messages are encrypted between their systems, then that would account for safeguarding the bulk of email.

Given the rising alarm over government surveillance and with a number of other privacy issues threatening, encryption, Zhu says, “has to be the future.”

Her interest in privacy was sparked and nurtured while she worked at the Electronic Frontier Foundation as a technologist. “I feel like being at EFF was a privileged position,” she says, noting that her work there on the Tor Project and HTTPs was with a small team, but one that “made a difference.”

She points out that Tor is no longer in the "dark corners” of the internet, emerging as a much-needed tool for not only whistleblowers, like Edward Snowden, who are leaking documents, but for others who require anonymity.

Zhu recently discovered that her own “default email client was configured to leak IP addresses” and when she realized she couldn't change it, she used her email in conjunction with Tor to hide those addresses.

Being able to encrypt and protect data will become increasingly important, she says, as the Internet of Things (IoT) comes to fruition. “In a world where there are a lot more sensors,” she explains, “it's important that all data for sensors is encrypted when sent to the server that's processing it.” And, given her jones for encryption, that's just the kind of initiative that should make Zhu very happy. – TR

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.