Becky Bace, chief strategist, Center for Forensics and IT Security at the University of South Alabama.
When we selected Becky Bace two years ago as one of 10 outstanding women for our Women in IT Security issue, she was cited as a pioneer in cybersecurity research and an early information security program manager, having directed research in information security for the U.S. Department of Defense in the 1980s and 1990s. Since our profile, she has been at the University of South Alabama.
Have you changed focus since SC Magazine first interviewed you for our Women in Security issue?
I'm still at University of South Alabama, still serving as strategist for the Center for Forensics and IT Security. We've a new security degree program in place (BS, MS, PhD) in Cyber Assurance, and I'm leading a set of tech transfer to practice workshops and activities supporting NSF-funded academic researchers in cybersecurity who want to transfer their results to use. I'm also mentoring a number of startups in the area, and serving as an advisor to several national-level programs.
What new security/privacy challenges have emerged since we last spoke to you? Any significant developments?
A lot of things that are being discussed as new challenges have actually be in discussion for some time in the research community. I see the victim footprint for attacks growing to include a lot more individuals and small businesses than before. I also see more business discussion of issues that need significant investments in R&D (e.g., cryptography in the post-quantum world)
What security/privacy issues have improved?
Ironically, the growth in losses associated with cybersecurity breaches has raised awareness to levels outstripping our most ambitious predictions of the past - we don't have to spend all our time convincing executive management that security protections are an essential part of doing anything online (i.e., conducting business in this day and age.) There is a lot more discussion of what security and privacy measures are useful and how to apportion the protections between locally and globally provided (the discussions associated with the move of enterprises to the cloud have been especially interesting.)
How have things changed for women in security over the last year or two? Any progress? Setbacks?
I see an explosion in the number of activities that encourage girls and women to enter the area. Good news is the sheer number of activities and the publicity they get. Bad news is that I see a lot of programs run by folks who don't understand the area (i.e., knowing how to hack a system is of limited value to someone who wishes to lead a corporate security program or pursue an advanced degree in secure system design.) I also see programs that presume that attracting women to the area is sufficient - the number of departures due to workplace issues worry me as much, if not more.
What advice would you give young women interested in entering this field?
Go online and start exploring the security world. Invest the time in reading books on the area (we've loads of good stories) and exploring all the different roles you could play in the community. Look for areas that are interesting to you, that appear to be a good fit for your talents and skills, and pursue them as you would a new hobby or passion. Finally, take advantage of all the new gatherings and outreach programs targeting women to learn more - you'll meet folks there who can provide advice and connections to you as you identify and pursue your goals.