These seven women are featured for their noteworthy efforts, which have impacted the field of online securityand data privacy for the better.
president and CEO, Alta Associates; founder of the Executive Women’s Forum (EWF)
When Joyce Brocaglia peruses the panelists and keynotes at most security and IT conferences, she doesn’t see many women on the roster, which means she still has plenty of work left to do both as CEO of Alta Associates, a leading executive search firm in IT risk management, information security and privacy, and as tireless evangelist of the Executive Women’s Forum (EWF).
Nearly 30 years after founding Alta – two decades after Russians hacked into Citibank and the search firm helped build the first-ever information security organization, evolving into the go-to firm for CISOs and the teams that support them for companies that are the targets of sophisticated cyber attacks and identity theft – Brocaglia says that while “plenty of women are thought leaders,” they continue to navigate a thornier path than men marked by obstacles and pitfalls — among them that a “loving, caring, nurturing side is seen as a weakness.”
Still, women in security have marched steadily toward progress and their strengths, beyond their skillsets, are in demand. Many C-level searches these days aren’t just looking for the most technical person but rather “they’re asking us for influencers,” says Brocaglia, whose own greatest influence has been her mother. That’s just the kind of security professionals that she has spent years amassing at both Alta and the EWF.
Having spent a good deal of her own career “as the only woman in the room,” Brocaglia realized she had “met a lot of great women” along the way, but discovered “they didn’t know each other.” By creating the EWF, she hoped to construct a “safe venue for women to share their ideas and empower each other.” And, indeed, what started as a cocktail party meetup has turned into a more than 750-member strong “sisterhood” that help women hone and grow their professional and leadership skills, build important networks and gather industry business intelligence — and supports educational opportunities for women security.
The goal: to help women gain and sustain the confidence they need to assume leadership roles in the security industry. “Leadership is 15 percent technical competence and 85 percent confidence,” she says. The EWF’s mission extends beyond helping women achieve their professional aspirations to helping them fulfill their personal dreams. “Women live integrated lives, we’re expected to do all things at all times,” says Brocaglia, noting the importance of pursuing professional and personal endeavors with competence and confidence. Response to her efforts have been overwhelmingly positive…from both genders. “Men and women at the top are equally supportive of our mission to advance women in our field,” Brocaglia says. – Teri Robinson
president and CEO, iKeepSafe
Marsali Hancock wants to help children stay safe in the digital world, and as the president and CEO of the Internet Keep Safe Coalition (iKeepSafe), she does just that.
iKeepSafe is an international network of more than 100 policy leaders, educators, law enforcement workers, technology experts and advocates who help track the effects on children of internet-connected devices. The nonprofit group conducts research to provide resources for parents, educators and policymakers when teaching children how to safely operate various devices.
In her role, Hancock engages with both national and international groups on digital citizenship issues, which include cyber safety, security, ethics and responsibility. For the National Cyber Security Alliance, for example, she helps create curricula and set standards and priorities for educators from kindergarten through high school. She also works as an education partner for the International Multilateral Partnership Against Cyber Threats (IMPACT) in order to develop and implement new education strategies.
Her company is creating a new product, the iKeepSafe FERPA Seal, to help schools understand the digital world and protect themselves from liability. Hancock is overseeing the tool’s creation.
A large part of Hancock’s life might be dedicated to youth’s online safety, but in her off time she plays violin, gardens and travels with her children. – Ashley Carman
principal, Law Office of Marcia Hofmann
Before opening her own boutique law firm in June 2013, Marcia Hofmann came to prominence as a senior staff attorney at the nonprofit Electronic Frontier Foundation, where she worked on a wide range of issues involving computer security, electronic privacy, free expression and copyright.
In an article for Wired, for example, she discussed the privacy issues following the introduction of Apple’s iTouch, which permits iPhone users to unlock their phones by pressing their finger to the device surface where a scanner validates the fingerprint. Hofmann questioned whether the constitutional protection guaranteed by the Fifth Amendment (“no person shall be compelled in any criminal case to be a witness against himself”) may not pertain in cases involving biometric-based fingerprints – as using a finger to open a phone is not privileged. As any lawyer will tell you, the glory is in the minutiae – digging deep into the implications of how authentication might be here applied.
Her suggestions also prompted Rep. Zoe Lofgren (D-Calif.) to revise and expand her proposed “Aaron’s Law,” intended to reform the Computer Fraud and Abuse Act, the law used by the government in its prosecution of Aaron Swartz, a computer programmer who fought against internet censorship and who – before committing suicide – faced data theft charges for making available troves of data he accessed from the digital library JSTOR via MIT’s network. The revised bill defines what “access without authorization” actually means – basically, the circumvention of technological barriers, an area Hofmann has worked to make more lucid in the courtroom by arguing to unshackle from antiquated applications of law innovative new techniques involving digital explorations.
At her new firm, she has been doing a variety of things, working on privacy and free expression issues, encryption and copyright challenges. Her clients include the Freedom of Press Foundation (where she worked on SecureDrop, an open source offering that allows global news organizations to securely accept documents from whistleblowers), and Russian activists Pussy Riot, when they ran into legal issues while here in the U.S. She’s also assisted prominent researchers, suh as HD Moore at Rapid7 and Moxie Marlinspike, as they contend with legal issues arising from digital privacy, copyright, free expression, provider immunity, computer crime and consumer protection issues.
“It’s really fun,” she says. “The internet is a global phenomenon. These are interesting times and it’s really fun to be on the lines in deciphering where certain laws apply and where do they extend.” Some of those laws are often ill-defined, she adds, and she works to help those on the front lines advance emerging technologies in a court system straining under the burden of legacy laws whose application needs new definitions in the digital age. – Greg Masters
platform security engineer, Heroku
Leigh Honeywell is a malware operations engineer, Google Summer of Code mentor, blogger, feminist hacker space community builder, avid reader, bike enthusiast, adviser to the Ada Initiative, all of the above…and more.
From her résumé, it’s hard to believe that Honeywell’s security career began just a decade ago when, as a teen from Canada and member of the Slashdot community, she traveled to New York on a friend’s advice to attend a hacker convention. It was there that she was particularly inspired by a speech by Aiden Riley Eller, who is among other things, a hacker.
She doesn’t recall what Eller talked about, but “I remember thinking that’s what [business] I wanted to be in,” says Honeywell. By then, she had dropped out of college and was working at Bell Canada. But soon enough she found herself back in school, studying computer science and working at MessageLabs, which was eventually bought by Symantec, where Honeywell became a malware operations engineer.
She finished up her degree at the University of Toronto and along the way co-founded HackLab.TO, the Canadian city’s hacker space, and accepted a security program manager position at Microsoft.
More recently, answering the siren call, she says, Honeywell moved to San Francisco, took a job with Heroku – as part of the security team – and, according to her blog, joined the feminist hacker space Double Union.
A community-builder, self-described geek and a recognized feminist, Honeywell is a sought-after speaker, sits on the advisory committee of the SECtor security conference and also blogs at both Geek Feminism and hypatia.ca. She’s an adviser to the Ada Initiative that supports women in open technology and culture.
Despite her accomplishments in such a short period of time, Honeywell says that the “micro-aggression” in the security industry can make it tough for women. “It undermines your sense of belonging,” she says.
Honeywell also takes issue with the attitude that to do security work “you have to be rough around the edges and a jerk.” But for those coming up in the industry, “it doesn’t have to be that way,” she says, noting that the field includes some “amazing mentors and peers,” and she feels “more confident in my place.”
– Teri Robinson
Joan Lyman, who co-founded SecureWorks before Dell acquired the company for $600 million in 2011, is no newcomer to navigating the business of security. Furthermore, she has made it her mission to educate other women entrepreneurs in the space, as well as those launching technology-driven companies.
As a national adviser for nonprofit Springboard Enterprises, Lyman has coached numerous women-owned businesses through the growing pains associated with the early years of operation. Founded in 2000, Washington D.C.-based Springboard, a financial literary nonprofit, has taken around 600 women under its wing and helped its portfolio of businesses raise $6.5 billion in financing over the years.
In 2013, Lyman also made a commitment to manage Springboard’s efforts in Chile, where the organization is implementing a financial literacy program to counter the many obstacles facing female entrepreneurs in the country.
“Unlike America, Chile has a lack of high tech infrastructure, a lack of authentic, real-time mentors and they struggle with the woman entrepreneur and how to work with her and educate her,” Lyman tells SC Magazine.
The educator also serves on the advisory board of Startup Chicks, an organization focused on empowering women entrepreneurs through education, community outreach and investment opportunities.
Aside from her work specifically with women in tech, Lyman is also a partner and founding member of LMG Corp., an Atlanta economics consulting and education practice that was launched in 2006. The firm aims to help founders and first-time investors understand shareholder rights.
Of her mission at LMG, Lyman tells SC Magazine that she now has the opportunity to work with business founders who are often in need of crucial guidance. An accomplished point in her career was when investors (along with founders) began calling up the firm.
“Now investors will say, ‘I want you to represent the group.’ Not because I’m a lawyer, but because I’m a founder myself,” Lyman says. – Danielle Walker
founder/CEO, Unitive; formerly co-founder and chief visionary, Silver Tail Systems
Laura Mather is widely recognized as one of the world’s leading experts in attacks against websites and online infrastructure. After obtaining a doctorate in computer science (while working as a research analyst for the National Security Agency), she worked as director of research and analysis for the online division of Encyclopedia Britannica, spent three years as director, trust and safety at eBay. She also served five years as the managing director of operational policy for the Anti-Phishing Working Group, where she led internet policy to fight electronic crimes.
It was during her stint as director of fraud prevention at eBay that Mather’s determination to defeat scamsters really took hold. The number of attacks against the popular site were staggering and she had no choice but to deal with them in a reactive way. Lacking the tools that would inform her of anamolous activity, she was forced to rely on reports from the victims. She felt responsible and sought a solution that relied on a different paradigm than existing options.
The breakthrough came in monitoring behaviors of web users. The online activities of criminals stood out from legitimate customers, she discovered. In 2008, she co-founded Silver Tail Systems, a web session intelligence company, to take her expertise in online behavioral patterns and strategies of outwitting criminals to the next level. Along with co-founder Mike Eynon and their team, Mather built tools to forge an alternative approach to analyzing the behavioral patterns of online users so as to bring actions out of the norm to the attention of security personnel.
Recognized by Fast Company as one of 2012’s “Most Creative People in Business,” and also singled out that year by Fortune as one of the “10 Most Powerful Women Entrepreneurs,” Mather’s tools are now in use by many of the largest websites on the internet.
This past year, she founded a new enterprise, Unitive.org, whose mission is to create diversity through innovation, particularly for leadership roles in the STEM fields. “Through my experience in security, start ups and technology, I was dismayed by the lack of diversity,” Mather told SC. “I solve problems by building software, so – through Unitive – I’ve decided to build software that removes unconscious bias from hiring and promotion processes.”
The company is in the very early stages, but Mather says she is excited to try to change the landscape. – Greg Masters
security engineer, Open Internet Tools Project
Hacker, designer, artist, writer, and barbarian are a few of the terms Eleanor Saitta uses to describe herself.
In her role as technical director at the International Modern Media Institute (IMMI), Saitta analyzes public policy statements and legal documents for internal projects and external collaborations, as well as consulted on publicity, public relations and funding issues.
Consulting is something Saitta knows quite a bit about.
As an independent consultant, Saitta has worked with news organizations and non-governmental organizations that operate in high-risk environments with nation-state adversaries. She provides security strategy, operational security practices and policies, physical site security review, and code review and architectural security advice on messaging systems, public-facing sites, leak platforms, data management systems, and a variety of other tools.
Saitta previously held the position of principal security engineer with the Open Internet Tools Project (OpenITP), where she structured and built the Peer Review Board, a project aimed at raising security standards of humanitarian free software across the software development lifecycle and by provisioning commercial audits. Additionally, she provided security and development advice for many software projects, as well as developed protocols for project and firm audit selection and interaction, responsible disclosure, and audit conflict management within PRB.
Prior to that, Saitta served in numerous other security, engineering and technical roles for various companies, including Stach & Liu, iSEC Partners, Security Innovation, IOActive, Optimal Engineering Solutions, Inc., and GIE Media, Inc, among others.
Saitta attended Case Western Reserve University, where some of her areas of study included artificial intelligence, numeric methods, database systems, software engineering, user interface design, systems analysis and organization design, complex systems modeling and analysis, and heresy in the middle ages.
Saitta regularly talks at conferences across the world, including at CCC Congress, Transmediale, ToorCon, Knutepunk, and Arse Elekronika. Some of the “languages” she speaks include Python, C#, C/C++, Unix Shell, SQL, XML, HTML, and CSS.
“The two biggest challenges facing the security community today are dealing with a post-assurance world where all systems can and eventually will break, and communicating security models and guarantees to end users in a way that allow them to make meaningful risk decisions,” Saitta told SC Magazine. – Adam Greenberg