Becky Bace is the chief strategist of the Center for Forensics, Information Technology and Security (CFITS) – an organization designed to promote the advancement of knowledge related to the study and application of digital forensics and information technology security and assurance. CFITS is supported in part by the School of Computing of the University of South Alabama.
Bace is a pioneer in cybersecurity research and an early information security program manager, directing research in information security for the U.S. Department of Defense in the 1980s and 1990s. Specifically, she worked in the research division of the NSA’s National Computer Security Center (NSCS) and was program manager for intrusion detection research. Her programs focused on transferring research into the fledgling commercial security products market – a perspective forced on real problems and adversaries encountered by operational security folks.
She left NSA in the mid-1990s, served as an operational security manager for a national laboratory, then went to Silicon Valley where she worked in the early security product and services market. She then started a security-specialty consulting firm, Infidel; worked with Trident Capital as a venture consultant, overseeing the formation and growth of their security investment portfolio; and served as an adviser to a number of startups, all in the information security field.
“Perhaps the most critical role of leadership in managing security is to understand what has transpired in the past, enforcing a movement toward better security over time,” says Bace. This is especially critical to leadership at national and industry levels where standards are formed and enforced, she adds.
The second role of leadership, Bace says, is to reflect the understanding that any standard security approach must be well fitted to the operational context to which it is applied. “This is key to optimizing the balance of protection versus pain,” she says.
“Finally, leadership should promote the formation and robust operation of professional communities of trust,” she says. “Such communities are essential to allowing security professionals to stay current, relevant and thus respected within the field.”
Bace holds a master of engineering science degree (electrical, with concentration in digital systems) from Loyola University Maryland. Her publishing credits include Intrusion Detection (Macmillan Technical Publishing, 2000); A Guide to Forensic Testimony (with Fred Smith) (Addison Wesley, 2002); The Intrusion Detection Special Publication for the National Institute of Standards and Technology (SP-800-31); and the chapters on intrusion detection and vulnerability assessment for the Computer Security Handbook, Fourth Edition (Wiley, 2002) and Fifth Edition (Wiley, 2012).
“Over the years, I have watched as Becky mentored many emerging security leaders in our developing profession,” says Avid Melnick, CEO of Weblife Balance, a startup in the privacy/security space. “She invested generously and selflessly not only in developing others but in connecting those folks together. Whether she’s working with a startup or advising VCs/executives on security strategy, her experience and vast network continues to inspire me. Despite being one of our elder statesmen in the relatively new information security profession, she is always approachable and ready and willing to engage in a discussion around an emerging issue or challenge.”
Melnick says Bace’s leadership for the security profession includes the way she shares her knowledge, connects professionals in the field, mentors colleagues and helps executives grapple with the security implications of technology innovation.
Melnick adds, “I owe my involvement and leadership in the security profession to Becky, as do countless other current leaders in the profession today. She has become the glue that helps tie our profession together.”