Tag Archives: Community

NSA reports flaw in Windows cryptography core

After years of criticism from the infosec community about hoarding critical vulnerabilities, the National Security Agency may be changing course.

The highlight of Microsoft’s first Patch Tuesday of 2020 is a vulnerability in the Windows cryptography core first reported to vendor by the NSA. The flaw in CryptoAPI DLL (CVE-2020-0601) affects Windows 10 and Windows Server 2016 and 2019. According to Microsoft’s description, an attacker could exploit how Windows validates ECC certificates in order to launch spoofing attacks.

The NSA gave a more robust description in its advisory, noting that the Windows cryptography flaw also affects “applications that rely on Windows for trust functionality,” and specifically impacts HTTPS connections, signed files and emails and signed executable code.

“Exploitation of the vulnerability allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities,” NSA wrote in its advisory. “NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable. The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available.”

Will Dormann, vulnerability analyst at the CERT Coordination Center, confirmed the issue also affects X.509 certificates, meaning an attacker could spoof a certificate chain to a trusted root certificate authority and potentially intercept or modify TLS-encrypted communication.

Johannes Ullrich, fellow at the SANS Internet Storm Center, said the flaw is especially noteworthy because “the affected library is a core component of the Windows operating systems. Pretty much all software doing any kind of cryptography uses it.”

“The flaw is dangerous in that it allows an attacker to impersonate trusted websites and trusted software publishers. Digital signatures are used everywhere to protect the integrity and the authenticity of software, web pages and, in some cases, email,” Ullrich told SearchSecurity. “This flaw could be used to trick a user into installing malicious software. Most endpoint protection products will inspect the digital signature of software the user installs, and consider software created by trusted organizations as harmless. Using this flaw, an attacker would be able attach a signature claiming that the software was created by a trusted entity.”

However, Craig Young, computer security researcher for Tripwire’s vulnerability and exposure research team, said the impact of this Windows cryptography vulnerability might be more limited to enterprises and “most individuals don’t need to lose sleep over this attack just yet.”

“The primary attack vectors most people would care about are HTTPS session compromise malware with spoofed authenticode signatures. The attack against HTTPS however requires that the attacker can insert themselves on the network between the client and server. This mostly limits the attack to nation-state adversaries,” Young told SearchSecurity. “The real risk is more likely to enterprises where a nation state attacker may be motivated to carry out an attack. The worst-case scenario would be that a hostile or compromised network operator is used to replace legitimate executable content from an HTTPS session with malicious binaries having a spoofed signature.”

Beyond patching, NSA suggested network prevention and detection techniques to inspect certificates outside of Windows cryptography validation.

“Some enterprises route traffic through existing proxy devices that perform TLS inspection, but do not use Windows for certificate validation. The devices can help isolate vulnerable endpoints behind the proxies while the endpoints are being patched,” NSA wrote. “Properly configured and managed TLS inspection proxies independently validate TLS certificates from external entities and will reject invalid or untrusted certificates, protecting endpoints from certificates that attempt to exploit the vulnerabilities. Ensure that certificate validation is enabled for TLS proxies to limit exposure to this class of vulnerabilities and review logs for signs of exploitation.”

NSA takes credit

Infosec experts credited the NSA for not only reporting the Windows cryptography flaw but also providing detailed insight and advice about the threat. Chris Morales, head of security analytics at Vectra, based in San Jose, Calif., praised the NSA for recommending “leveraging network detection to identify malicious certificates.”

“I think they did a great job of being concise and clear on both the problem and recommended courses of action,” Morales told SearchSecurity. “Of course, it would be great if the NSA did more of this, but it is not their normal job and I wouldn’t expect them to be accountable for doing a vendor job. Relying on the vendor for notification of security events will always be important.”

Young also commended the NSA’s advisory for being very helpful and providing “useful insights which are not included in either the CERT/CC note or the Microsoft advisory.”

The NSA is designated as the Executive Secretariat of the government’s Vulnerabilities Equities Process (VEP), designed to organize the process of determining what vulnerabilities found by federal agencies would be kept secret and which would be disclosed. However, the NSA has consistently received criticism from experts that it keeps too many vulnerabilities secret and should disclose more in order to help protect the public. In recent years, this criticism was loudest when leaked NSA cyberweapons were used in widespread WannaCry attacks.

The NSA advisory for the Windows cryptography flaw is rare for the agency, which has been more open with warnings about potential threats but hasn’t been known to share more technical analysis.

Also making this vulnerability an outlier is that the NSA was given attribution in Microsoft’s patch acknowledgements section. Anne Neuberger, deputy national manager at the NSA, said on a call with news media Tuesday that this wasn’t the first vulnerability the NSA has reported to Microsoft, but it does mark the first time the agency accepted attribution.

Infosec journalist Brian Krebs, who broke the story of the Windows cryptography patch on Monday, claimed sources told him this disclosure may mark the beginning of a new initiative at NSA to make more vulnerability research available to vendors and the public.

NSA did not respond to requests for comment at the time of this writing.

Go to Original Article

Supporting modern technology policy for the financial services industry – guidelines by the European Banking Authority | Transform

The financial services community has unprecedented opportunity ahead. With new technologies like cloud, AI and blockchain, firms are creating new customer experiences, managing risk more effectively, combating financial crime, and meeting critical operational objectives. Banks, insurers and other services providers are choosing digital innovation to address these opportunities at a time when competition is increasing from every angle – from traditional and non-traditional players alike.

At the same time, our experience is that lack of clarity in regulation can hinder adoption of these exciting technologies, as regulatory compliance remains fundamental to financial institutions using technology they trust.  Indeed, the common question I get from customers is: Will regulators let me use your technology, and have you built in the capabilities to help me meet my compliance obligations?

A portrait of Dave Dadoun, assistant general counsel for Microsoft.
Dave Dadoun.

With this in mind, we applaud the European Banking Authority’s (EBA) revised Guidelines on outsourcing arrangements which, in part, address the use of cloud computing. For several years now we have shared perspectives with regulators on how regulation can be modernized to address cloud computing without diminishing the security, privacy, transparency and compliance safeguards necessary in a native cloud or hybrid-cloud world. In fact, cloud computing can afford financial institutions greater risk assurance – particularly on key things like managing data, securing data, addressing cyber threats and maintaining resilience.

At the core of the revised guidelines are a set of flexible principles addressing cloud in financial services. Indeed, the EBA has been clear these “guidelines are subject to the principle of proportionality,” and should be “applied in a manner that is appropriate, taking into account, in particular, the institution’s or payment institution’s size … and the nature, scope and complexity of its activities.” In addition, the guidelines set out to harmonize approaches across jurisdictions, a big step forward for financial institutions to have predictability and consistency among regulators in Europe. We think the EBA took this smart move to support leading-edge innovation and responsible adoption, and prepare for more advanced technology like machine learning and AI going forward.

Given these guidelines reflect a modernized approach that transcends Europe, we have updated our global Financial Services Amendment for customers to reflect these key changes. We have also created a regulatory mapping document which shows how our cloud services and underlying contractual commitments map to these requirements in an EU Checklist. The EU Checklist is accessible on the Microsoft Service Trust Portal. In essence, Europe offers the benchmark in establishing rules to permit use of cloud for financial services and we are proud to align to such requirements.

Because this is such an important milestone for the financial sector, we wanted to share our point-of-view on a few key aspects of the guidelines, which may help firms accelerate technology transformation with the Microsoft cloud going forward:

  • Auditability: As cloud has become more prevalent, we think it is natural to extend audit rights to cloud vendors in circumstances that warrant it. We also think that audits are not a one-size-fits-all approach but adaptable based on use cases – particularly whether it involves running core banking systems in the cloud. Microsoft has provided innovations to help supervise and audit hyper-scale cloud, including:
  • Data localization: We are pleased there are no data localization requirements in the EBA guidance. Rather, customers must assess the legal, security and other risks where data is stored, as opposed to mandating data be stored strictly in Europe. We help customers manage and assess such risk by providing:
    • Contractual commitments to store data at rest in a specified region (including Europe).
    • Transparency where data is stored.
    • Full commitments to meet key privacy requirements, like the General Data Protection Regulation (GDPR).
    • Flow-through of such commitments to our subcontractors.
  • Subcontractors. The guidelines address subcontractors, particularly those that provide “critical or important” functions. Management, governance and oversight of Microsoft’s subcontractors is core to what we do.  Among other things:
    • Microsoft’s subcontractors are subject to a vetting process and must follow the same privacy and governance controls we ourselves implement to protect customer data.
    • We provide transparency about subcontractors who may have access to customer data and provide 180 days notification about any new subcontractors as well.
    • We provide customers termination rights should they conclude a subcontractor presents a material increase in risk to a critical or important function of their operations.
  • Core platforms: We welcome the EBA’s position providing clarity that core platforms may run in the cloud. What matters is governance, documenting protocols, the security and resiliency of such systems, and having appropriate oversight (and audit rights), and commitments to terminate an agreement, if and when that becomes necessary. These are all capabilities Microsoft offers to its customers and we now see movement among leading banks to put core systems into our cloud because of the benefits we provide.
  • Business Continuity and Exit Planning. Institutions must have business continuity plans and test them periodically for use of critical or important functions. Microsoft has supported our customers to meet this requirement, including providing a Modern Cloud Risk Assessment toolkit and, in addition, in the Service Trust Portal documentation on our service resilience architecture, our Enterprise Business Continuity Management team (EBCM), and a quarterly report detailing results from our recent EBCM testing. In addition, we have supported our customers in preparing exit planning documentation, and we work with industry bodies like the European Banking Federation towards further industry guidance for these new EBA requirements.
  • Concentration risk: The EBA addresses the need to assess whether concentration risk may exist due to potential systemic failures in use of cloud services (and other legacy infrastructure). However, this is balanced with understanding what the risks are of a single point of failure, and to balance those risks and trade-offs from existing legacy systems. In short, financial institutions should assess the resiliency and safeguards provided with our hyper-scale cloud services, which can offer a more robust approach than systems in place today. When making those assessments, financial institutions may decide to lean-in more with cloud as they transform their businesses going forward.

The EBA framework is a great step forward to help modernize regulation and take advantage of cloud computing. We look forward to participating in ongoing industry discussion, such as new guidance under consideration by the European Insurance and Occupational Pension Authority concerning use of cloud services, as well as assisting other regions and countries in their journey to creating more modern policy that both supports innovation while protecting the integrity of critical global infrastructure.

For more information on Microsoft in the financial services industry, please go here.

Top photo courtesy of the European Banking Authority.

Go to Original Article
Author: Microsoft News Center

Watch For, Hackathon 2017 winner, powers Mixer’s massively successful HypeZone

HypeZone, released in December 2017, rapidly gained millions of new users to livestream community Mixer. HypeZone’s secret weapon? The 2017 Hackathon Grand Prize Winner, Watch For, a Microsoft Garage project.

Last month, Microsoft’s fifth annual One Week Hackathon wrapped up with astounding numbers. This year, during the largest private hackathon on the planet, over 23,000 employees registered to hack, and ultimately created 5,800 projects. As judging for this year’s projects begins and eager hackers await the winner announcements, it’s the perfect time to reconnect with last year’s Grand Prize Winner.

Originally called Lookout, the project team now known as Watch For has made tremendous strides in both personal growth and Microsoft business growth. Over the past year, team members Lenin Ravindranath Sivalingam, Matthai Philipose and Peter Bodik have been working as an incubation startup within Microsoft Research with autonomy and ownership to steer their project in a direction they desire.

The team’s original idea, which won the 2017 Hackathon, was an app to monitor live video streams on behalf of a user and notify him or her when specified events occur. Such a seemingly simple idea can be very powerful using artificial intelligence with many different applications.

2017 Hackathon winning team: Hackathon 2017 winning team: Matthai Philipose, Lenin Sivalingam, Yifan Wu, Peter Bodik and Victor Bahl. (Photo by Elizabeth Ong)
Hackathon 2017 winning team: Matthai Philipose, Lenin Sivalingam, Yifan Wu, Peter Bodik and Victor Bahl. (Photo by Elizabeth Ong)

As part of Microsoft Research, the project team members previously worked on video analytics for enterprise scenarios in their day jobs. One of their biggest partners was working with the city to monitor and analyze traffic cameras for a better understanding of how pedestrians, bikes, and vehicles crossed intersections.

Not surprisingly, livestreams are big in enterprise settings, and that translates as well to consumer settings. For Lenin, Matthai, and Peter, the most interesting part of working on a hack project was experimenting with how best to apply video analysis to consumer scenarios.

“What attracted me to this hackathon project was the chance to apply AI in large scale and at low-cost to the consumer setting. Our project really pushes the envelope on how efficient the AI systems would need to be, and it’s also meaningful in that my kids and mother can understand it and use it.” Matthai explained, adding, “And I love the idea of working with Lenin and Peter.”

The team took what they learned over the years about video analytics and traffic cams, and created such a compelling project that not only did Microsoft CEO Satya Nadella put his influence behind them, but the senior leadership team took notice and became excited about the possibilities. Ed Essey, principal program manager of Microsoft Garage, helped prepare the team to think and work like a lean startup.

Over the course of several months, they fine-tuned a business strategy for their product – including the team’s special blend of expertise, knowledge, experience, and idea-leadership – that led the team to work on Watch For full time.
In September 2017, a few weeks after the team’s Hackathon win, the Mixer group reached out to the team, having seen their project video. Mixer, acquired by Microsoft in 2016 as Beam, is a next-generation, interactive live streaming platform with a large gaming audience.

Taking a community-first focus on features, Matt Salsamendi, principal software engineering lead, Mixer and Chad Gibson, general manager, Mixer saw huge opportunity to accelerate Mixer’s vision in the computer vision space and were excited to partner with other Microsoft teams working in this area.

HypeZone Fortnite

The more popular games on Mixer tend to be multiplayer battle-royale style competitions where the last person standing wins. “Games like PlayerUnknown’s Battlegrounds (PUBG) and Fortnite are pretty new. For these games, a very simple thing works very well to light up Mixer scenarios.” Peter explained.

The scenario that Matt and Chad of Mixer wanted to execute on was how best to surface the most interesting parts of streams to a bigger audience. There are thousands of streams at any given time, of which only a couple hundred get viewed by most people. How do the rest of the streamers get any visibility and how do you avoid wasting those assets? How do Mixer fans discover those hidden gems? “The game streaming ecosystem has lots of undiscovered content, people wanting to be discovered, and viewers wanting to discover more compelling moments.”

“The game streaming ecosystem has lots of undiscovered content, people wanting to be discovered, and viewers wanting to discover more compelling moments.”

Lenin, Matthai, and Peter started to work closely with the Mixer team last September, and an ambitious goal organically formed, of launching new channels in winter of 2017 tailored with content discovered by AI models trained to “Watch For” specific events in streams. The timing coincided with PUBG’s release on Xbox One, which was fast becoming one of the most popular games on Mixer.

Mixer already had a front-end design where a single channel could host many different people’s streams continuously – they took advantage of that, and queried Watch For’s backend to determine when to switch between streams for the most interesting content. Thus, HypeZone was born – channels on Mixer using Watch For algorithms to highlight the final, nail-biting rounds of last-person standing games like PUBG that viewers found so engaging to watch.

“Matt already had the idea of HypeZone itself, to switch from stream to stream within a channel – but the experience of HypeZone evolved very quickly during our collaboration.” Lenin recalled. “We met with Matt and Chad early September. Two weeks later we had a prototype that we showed them. Then we kept improving its accuracy. By mid-October we had another prototype that they could use to run their HypeZone experience. We tested it for another 3 weeks. Then, 2 days before release, PUBG changed their UI. 1 day before release, we had to completely change all our models.”

Despite the whirlwind of activity, the Watch For team appreciated Mixer’s style of working fast and friendly. “As a business group, Mixer is very agile and easy to work with. We work close and we work well together.”


“The choice of content for HypeZone is determined by all the analysis Watch For does. Which is one of the reasons why we were able to move so fast,” Peter explained. Peter and team had to tailor their AI models for HypeZone by building core video analytics skills specific to each game.

Over the last several months, HypeZone channels were among the most popular channels on Mixer. “It’s a win-win product. Viewers love it because it shows only the most exciting content, and streamers love it because they get featured on Mixer’s front page and get new followers. They start streaming more because they want to be featured on HypeZone and gain followers.” Game producers can also be counted among the many fans as HypeZone provides more exposure for their games.

The biggest challenge – and the team’s biggest accomplishment – was how to get HypeZone to scale, and at low-cost.

“HypeZone is driven by Watch For’s large-scale video analysis of every stream that’s coming into Mixer. Every stream we try to understand what’s on the screen. We look for various metadata that tell us the game is exciting. Text on the screen, icons that tell you state of the game, player stats and score. Over time we have evolved to understand more and more.” Lenin explained.

The secret sauce is very much a combination of Matthai’s AI expertise and Lenin and Peter’s end-to-end distributive systems knowledge that allows them to deeply and efficiently analyze and understand each stream’s content in real-time.

“This is one of the advantages of being in a company like Microsoft. The Garage and Hackathon gave us visibility, but there was a product group (Mixer) out there looking around who had a great understanding of their customers, and that Watch For might light up their market.” Matthai recalled how it all came together. “There was an element of luck that battle royale type games came into vogue around the same time. It’s a combination of all of these things that made this partnership work so well.”

“It’s one thing to have cool demos and enthusiasm from senior leadership, but it’s another thing to see our customers enjoying, laughing and crying , wanting to see more. That’s what really lit a fire under the whole project, that connection.”

A game-changer for streaming content platforms and how content can be surfaced and consumed – Watch For is a stellar example of using artificial intelligence for consumer scenarios. What’s next for Watch For? The team continues to work with Mixer, and other groups, to create awesome experiences yet to come using the power of AI.

Story by Meixia Huang

Check out HypeZone on Mixer https://mixer.com/
Get videos on the Mixer Channel One on YouTube
Follow Mixer on Twitter: https://twitter.com/WatchMixer
Read more about this Hackathon team:
Artificial intelligence eclipses cloud and mobile projects to win the day at Microsoft 2017 Hackathon

Amanda Rousseau on becoming a cybersecurity researcher

The relationship between law enforcement and the infosec community can be cordial and cooperative at times. But it can also be confrontational and divisive, as in the debate surrounding backdoors in strong encryption for lawful access or the arrest of cybersecurity researcher Marcus Hutchins on charges of creating and selling malware.

In this Q&A conducted at Black Hat USA 2018, Amanda Rousseau, senior security researcher at Endgame Inc., a cyber operations platform vendor based in Arlington, Va., explained why the term “hacker” is unhelpful and how cybersecurity researchers find their way from being a script kiddie to putting on the white, black or gray hat.

Editor’s note: This interview is part two of a Q&A with Amanda Rousseau, and it has been edited for clarity and length.

What is your take on the apparent tensions between the cybersecurity researcher community and law enforcement or the government? 

Amanda Rousseau: ‘Hackers’ is really a term for people that don’t know the industry. I don’t usually say ‘hacker,’ unless they don’t know what a security researcher is.

If I’m in my running group, and they ask me what I do for a living, I’m like, ‘Oh, I’m just an engineer — a security engineer.’ [And they ask,] ‘What’s that? It sounds boring.’ You know? 

But even people that started out as a black hat or a gray hat hacker when they’re young usually transition to white hat when they get older. Back in the day — like ’80s, ’90s — that was the case. You can probably find someone and ask them, ‘Hey, did you ever download off of Pirate Bay before?’ … And they’ll probably say, ‘Yeah.’

But now, because they have that knowledge, they are the white hats of today helping out law enforcement, because, now that they’re older, they know it’s bad. 

I mean, even with law enforcement, there’s a fine line between legal hacking and illegal hacking, right? 

What is the best way to explain to those outside the community the nuance that comes with being a cybersecurity researcher?

Amanda Rousseau, senior security researcher at Endgame Inc.Amanda Rousseau

Rousseau: I think that they’re marketing it wrong. They use Hollywood really heavily to show this cool hacker lifestyle. But there’s a whole other side to that. I see it in the military sense; I see it as my mission. It’s more like cyberwarfare to me — that it’s my duty to protect whoever I’m protecting from the digital threat. If you see it in a sense of being a protector or a blue-teamer, it’s much more approachable than the negative context of being a hacker, right? 

And ‘hacker,’ in the dictionary, it was considered as a negative term. But in reality, it’s someone who thinks outside the box, finds the bad thing and then tells people how to fix that. And it’s hard to explain that to people who are not in it. But I think if you explain it in military terms, it’s much more easy to consume.

If you’re going after someone’s assets, you want to protect those assets as the guard. But you have to actively monitor what’s going on and then fix it as you go. And that’s pretty much what we’re doing, [asking], ‘How can we think outside the box to protect ourselves?’ And, ‘Can we probe ourselves to make sure that we’re protected from ourselves, too?’ — which we call pen testing

With the military analogy, the defensive part is pretty easy to explain. But could you expand on the offensive pen-testing angle?

Rousseau: There [are] two sides of that spectrum of people doing the offensive work so that the bad guys don’t actually do it. And [there are] the people who are defending, [who] build those infrastructures to protect it. 

Somebody has to play the other side, but they can’t know anything about the other team. They have to figure it out during the exercise. And that’s where you evaluate whether or not your assets are protected, which we call ‘red versus blue.’

The analogy I like to use is my car analogy. You have a purse in your car or a bag, backpack, right? It’s out in the open; [the] bad guy sees it [and thinks], ‘I want that bag.’ He could just bust the window in and get it. And you’ll figure it out early, because the car alarm will go off, the window’s busted and your bag is stolen. So, you can immediately rectify the situation. 

But because the bad guys are learning and getting smarter, they’re finding stealthier ways to get the bag out of the car without you knowing about it. Say, they figured out how to open the door through the rearview mirror by messing with the switches and unlocking the door. And instead of just taking up the whole bag, what they do is they put in a decoy bag so that you think that nothing is wrong until you look inside and there’s nothing in there.

It’s similar to protecting your assets. How do you know someone’s in your network if they’re being sneaky about it? You have to bubble up all of these alerts and logs in order to respond to it. And respond to an alert that makes sense. 

In the Target breach, they didn’t know how to respond to the alert, because the alert was so vague that they didn’t do anything about it until it was too late. A lot of it comes in usability and scalability. Can I put it on 1,000 desktops? And can I manage it with one to two people? 

If you think about it, there are more people trying to attack you than you can defend. So, the whole science around all of these vendor tools and everything is trying to make those two guys’ — that are doing blue team — lives much easier in protecting a huge company.

What do you think when you see stories about something like the recently discovered Yale breach, where they didn’t realize that it happened for 10 years? 

Rousseau: That’s common. I’ve been in breaches where they didn’t know it was in there for six months. [The attackers] kept coming back in and stealing more, coming back in and stealing more. And they found out they came in from a previous breach, so there were multiple people in the same network stealing.

They thought that they were covered. Their internal team, they had these certain [security] tools, but they weren’t actively looking. When they did log analysis, they were manually printing them out and analyzing the logs one by one, thinking that they would catch something. But scaling-wise, you really can’t do that.

Even people that started out as a black hat or a gray hat hacker when they’re young usually transition to white hat when they get older.
Amanda Rousseausenior security researcher, Endgame

It comes down to data science to bubble up the things that are anomalies and are important. With all of these cloud servers and data all over the place, there’s so much information on the internet that you’ve got to be able to scale to that level. 

Even now, I’m having trouble going over just 1,000 samples an hour. I can’t make copies of myself. But I can make code that can do my job. 

There [are] not enough people in the industry that do these technical jobs. That’s why I try to give back to the reverse-engineering community as much as I can — doing workshops and talks like this and different code — because I know how hard it is. It took me forever to get to where I am. I didn’t have those types of resources growing up; I just had to sit there and figure it out. 

Even the trainings that people come out of the military with, or the DOD [Department of Defense], or law enforcement, they’re forced to get some trainings, but some of them are not up to par of today. I think Black Hat is probably the closest you’re going to get to training that people actually use. 

How do we scale training and education to create the next generation of cybersecurity researchers?

Rousseau: That’s a big question that I might not be able to solve.

Slowly, but surely. You look at how big this conference is now and how big DEFCON is and all the other conferences, how big RSA is. There [are] all these little tiny conferences spinning up, and we’re all sharing information, but we have to compete with all the other careers out there, like medicine and finance.

There are so many BSides out there that try to cater to people local in the area, like Minnesota, Chicago, the Midwest, pretty much. So, they’re trying, but the content has to be there, too. Everyone can do technical work, but not everyone can teach. That’s another thing.

If they don’t know their audience, it’s going to be intimidating to people, and they’re going to lose them through teaching it. That’s why you have to provide more opportunities for different learning styles. I’m a visual learner; if you don’t have slides up, I’m not going to absorb anything. Or, [some] people just like to listen; [some] people like to read.

It’s kind of a balance of who can actually learn the material, and who’s passionate about it. When I was young, I was going for art. And I didn’t know I would be really good in this field until I took a class. So, you never know what you’re good at until you actually try it. 

The power of machine learning to change—and maybe even save—the world – Microsoft Green Blog

In the last two decades, the impact of artificial intelligence (AI) has grown from a very small community of data scientists to something that is woven into many people’s daily lives. Machine learning, computer vision, and other AI disciplines—supported by the cloud—are helping people achieve more, from mundane tasks, like avoiding a traffic jam, to revolutionary breakthroughs, like curing cancer.

Over the past year, Microsoft has been on a journey to apply these transformative technologies to the world’s biggest environmental challenges. On July 12, 2017, Microsoft launched AI for Earth as a $2 million program in London, with a goal of providing AI and cloud tools to researchers working on the frontlines of environmental challenges in the areas of agriculture, water, biodiversity, and climate change.

Since that time, AI for Earth has grown into a $50 million over five-year program, with 112 grantees in 27 countries and seven featured projects. People are using machine learning and computer vision to learn more than previously possible about our planet and how it’s changing, and increasingly using these insights to chart a better future.

These are big goals, but we’re confident in our ability to get there because we know how advanced our tools like machine learning and computer vision already are. Consider machine learning. We have come a long way from the simple pattern-matching of ELIZA. Fifteen years ago, when I got my degree in artificial intelligence, problems like facial recognition, machine translation, and speech recognition were dreams of the field, and now they are solved problems. Among other things, machine learning can group similar items together, detect unusual occurrences, and construct mathematical models of historical data to make future predictions.

These techniques are incredibly helpful for sorting through large amounts of data. Today, we’re excited to share a new story about the power of this technology that also helps answer a basic question: what is the value of AI when we don’t have massive amounts of data already waiting to be processed? This is an issue for many individuals and organizations working in the field of biodiversity, especially when the species are very small, travel great distances, and are hidden from public view.

That’s precisely the challenge we set out to address recently at the most magical place in the world – Walt Disney World Resort. Purple martins are yearly visitors to Disney, nesting at the park before returning their journey to the Brazilian Amazon. Disney scientists have been working with the purple martin community and have provided homes for the families for the past 20 years, studying the conservation of the species with more than 170 nests each year. Despite their annual visits, there is still lots to be learned about nesting behavior of these birds, in part because they nest in enclosed structures known as gourds. Some of what is known is troubling – the species is in decline, with an estimated population drop of 40 percent since 1966.

How do you close this data gap quickly to better understand the species to protect their future? Enter AI. Tiny connected homes, including cameras and cloud-connected sensors were installed, and those combined with computer vision began to deliver data on behaviors that were infrequently observed, like hatching, the caring for and growth of purple martins. External factors, like temperature, humidity, and air pressure were also recorded. Disney and Microsoft hope to expand this work, and AI will help pull all this data together to deliver insights in hopes of inspiring the next generation of conservationists to protect the purple martins for the future.

While this is our newest story, this work is happening across the world. We’re proud to support AI-enabled solutions for biodiversity, including:

PAWS: Machine learning to predict poaching. Spearheaded by a team of researchers at USC, an AI for Earth partner, with additional work being done by a member of the team now at Carnegie Mellon University, an AI for Earth grantee, the Protection Assistant for Wildlife Security (PAWS) processes data about previous poaching activities in an area and creates optimized routes for rangers to patrol based on where poaching is most likely to occur. These routes are also randomized to keep poachers from learning and adapting to patrol patterns. Currently, the PAWS algorithm is being improved so that it can incorporate new information that rangers see while on patrol—such as human footprints—to alter the proposed patrol route in real-time.

Access to ranger patrol data is key. That’s why PAWS partnered with the Uganda Wildlife Authority at Queen Elizabeth National Park. They had collected 14 years of patrol data and more than 125,000 observations on animal sightings, snares, animal remains, and other signs of poaching. PAWS is now being used in several parks, and the system has led to more observations of poacher activities per kilometer than were possible without technology.

Wildbook: Machine learning and computer vision to identify species. One of our newest featured projects, Wild Me, is showing what is possible by pushing the limits of computer vision, with an AI tool that smartly identifies, captions, and moderates pictures. Researchers often have little meaningful data on species. But computer vision makes it possible to tap into an explosion of images, available for free or at a low cost from camera traps, drones, professional photographers, safari-goers, and citizen scientists. Wild Me is not only using computer vision to identify images of zebras, for example, but is also identifying the individual animals in photos—helping to address a fundamental problem in conservation. If we can identify individual animals, then this eliminates the need for physically tagging them, which can harm the animal.

This new data on animals then goes into Wildbook, the platform developed by Wild Me. Using machine learning, it’s possible to either match an animal within the database or determine that the individual is new. Once an animal is identified, it can be tracked in other photographs. Wildbook stores information about the animals, such as their location at a specific time, in a fully developed database. This combination of AI tools and human ingenuity makes it possible to connect information about sightings with additional relevant data, enabling new science, conservation, and education at unprecedented scales and resolution. With a much more detailed and useful picture of what is happening, researchers and other decision-makers are able to implement new, more effective conservation strategies.

We see incredible potential and tremendous progress in our grantees’ work and in the explosive pace at which new algorithms are being built, refined, and made publicly available. And these are just a few of the grantees, featured projects, and partners we’re working with in the area of biodiversity; there’s equally exciting work in water, agriculture, and climate change that we look forward to sharing in the near future on this blog. Check out the amazing organizations and individuals we’re supporting, apply for a grant to join us or our new partnership with National Geographic Society, or just follow our progress on Twitter by following @Microsoft_Green, or me at @jennifermarsman.

Tags: , , ,

State of Decay 2 Celebrates 3 Million Players with Today’s Release of the Independence Pack – Xbox Wire

In advance of the 4th of July holiday, we are celebrating that the State of Decay 2 community now exceeds three million players. This, along with the recent news that fans made State of Decay 2 the best-selling game of May, puts us in a festive mood. To celebrate, we are revealing our first post-launch content, the Independence Pack. This pack gives you the opportunity to take on the zombie horde with style, grace and most importantly, colorful gunpowder. Available today on both Xbox One and Windows 10, the pack unlocks an array of fiery new versions of vehicles, weapons and gear for your community. State of Decay 2 wants you to show off with explosive awesomeness to the three million player strong community. Heck, even the zeds are dressed for the occasion in this pack, and there are few things as satisfying as taking out a Revolutionary War-themed zombie during a supply run. It’s like history that you can blow up…with fireworks!

What do you get in this firework-filled content? Glad you asked, patriot. The Independence Pack features three zombie-ready vehicles, access to a supply drop containing three new patriotic melee weapons, two unique ranged weapons and piles of single-use fireworks that are perfect for causing general havoc (or making blood plague elimination a much more festive occasion):

  • Take the Pyrohawk, Burninator or Meatwagon out for a spin. With names like these, you know driving will be more entertaining.
  • Step up to your station at the BBQ with The Freedom Ringer, Grillmeister and BBQ Fork – new hand-held zed-slaying solutions.
  • Subtlety not your thing? Well we have the Pyro Launcher and Starshank Launcher so you can blast zombies with fiery explosives.
  • Just like loud noises with pretty colors? You’re in luck! The Block Rocker, Reign o’ Fire, Bouncing Boris and XL Firework Shell offer even more options to turn a mission into a celebration.

If that’s still not enough boom, you can also use the new Fireworks Crafting Station facility mod to craft additional fireworks or ammunition for your fancy new fireworks launchers. Also keep an eye out for a new wandering trader hosting a fire sale on these explosive new goodies. That’s right, a good ole traditional fireworks sale.

Grab the Independence Pack today for $4.99 USD (or for free if you purchased State of Decay 2: Ultimate Edition); Xbox Game Pass members also receive a 10 percent discount on the Independence Pack. If that isn’t enough to get you jazzed, the team also added to the existing game with a new update that focuses on non-firework content. In Update 2.0, get ready for 20 FREE new missions, nearly 10 new weapons, a “Rare Books” trader for new skills and plenty of improved gameplay in honor of the Independence Pack for ALL players. Did we mention it’s free? To read more on that, please visit StateofDecay.com for the full patch notes and other things that aren’t fireworks.

But wait, there’s more! After wiping out the blood plague and celebrating your legacy with this festive pack, get ready for completely separate shenanigans in the upcoming Daybreak Pack this September. That all-new content lets you take the fight to the zombies, featuring an exciting new mode where you play as a well-equipped Red Talon soldier. You’ll work to complete a challenging objective while protecting your fortified position against waves of zombies and freaks to earn new rewards and weapons. The Daybreak Pack is also included in State of Decay 2’s Ultimate Edition.

If you haven’t joined the community just yet, now’s a great time to get in on all the action! In addition to playing it with an Xbox Game Pass membership, you can purchase the Standard Edition for $29.99 and the Ultimate Edition for $49.99., which includes both the Independence Pack and Daybreak Pack. As an Xbox Play Anywhere game, one digital purchase gets you both the Xbox One and the Windows 10 version of the game

Video forState of Decay 2 Celebrates 3 Million Players with Today’s Release of the Independence Pack

Take a handful of fireworks, a new ride, some casual rocket launchers and ask yourself the one question that matters this 4th of July – How Will You Survive?

Microsoft from GeekWire Cloud Tech Summit: New Azure innovations will advance the intelligent cloud and intelligent edge

Today, I gathered with the tech community in the Seattle area at the GeekWire Cloud Tech Summit to talk about how customers are using the cloud and what the future holds. I joined GeekWire’s Todd Bishop and Tom Krazit on stage for a fireside chat to share more about Microsoft’s vision for emerging cloud innovation, but I also got to connect with many of you directly. In those conversations, it became even more apparent just how many of you are turning to the intelligent cloud to explore how emerging innovation like serverless, blockchain, edge computing, and AI can help you create solutions that can change your business — and people’s lives.

At Microsoft, we’re continually releasing technology that’s inspired by our customers and what you tell us you need to make the intelligent cloud and intelligent edge a reality for your businesses. For example, you may need to build applications to work in remote areas with low connectivity. Or you need to store, access, and drive insights from your data faster because of competitive pressures. And, you need confidence that your data and applications will be secure, resilient, and highly available across the globe.

During my time with Tom and Todd, I announced a few of our latest Azure solutions and newest regions and availability zones designed to bring this vision to you, our customers, and I’d like to share more on these new technologies.

Introducing the next level in big data analytics

Azure Data Lake Storage Gen2 and general availability of Azure Data Factory capabilities

Data is currency for enterprises today, and we know you need to be able to easily store and quickly access your data to drive actionable insights. You also need to be able to ingest and integrate big data quickly and easily to get to insights more readily. Today, we are introducing a preview of a highly scalable, highly performant, and cost-effective data lake solution for big data analytics, Azure Data Lake Storage Gen 2, to deliver the scale, performance, and security needed by your most demanding and sensitive workloads. 

Because Azure Data Lake Gen2 is built on the foundations of Azure blob storage, all data — from data that is constantly in use through to data that only needs to be referenced occasionally or stored for regulatory reasons — can coexist in a single store without having to copy data. This means that you will have greater speed to insight over your data along with rich security at a more cost-effective price. Azure Data Lake Storage also provides a unified data store where unstructured object data and file data can be accessed concurrently via Blob Storage and Hadoop File System protocols.

Today also brings the general availability of new features in Azure Data Factory to deliver data movement as a service capacities so you can build analytics across hybrid and multicloud environments, and drive raw data into actionable insights. The new features include a web-based graphical user interface to create, schedule and manage data pipelines, code-free data ingestion from over 70 data source connectors to accelerate data movement across on-premises and cloud, and ability to easily lift SQL Server Integration Services packages to Azure and run in managed execution environment in Azure Data Factory. You can also start taking advantage of native ADF connector for Azure Data Lake Storage to load your data lake at scale.

Enabling the intelligent edge

Azure IoT Edge is generally available

In the next 10 years, nearly all our everyday devices and many new devices will be connected. These devices are all becoming so “smart” that they can power advanced algorithms that help them see, listen, reason, predict and more, without a 24/7 dependence on the cloud. This is the intelligent edge, and it will define the next wave of innovation in how we address world issues: distributing resources like water and oil, increasing food production and quality, and responding to natural disasters.

As key part of our strategy to deliver the promise of edge computing is Azure IoT Edge, which enables consistency between cloud and edge. This means you can push AI and machine learning to the edge, providing the most comprehensive and innovative edge offering on the market. As of today, Azure IoT Edge is generally available globally, with new updates for increased flexibility, scalability, security, and more.

Also today, the Azure IoT Edge runtime is open sourced and available on GitHub. If you are a developer, this gives you even greater flexibility and control of your edge solutions, so you can modify the runtime and debug issues. Azure IoT Edge now also supports more languages than another other edge solution including C#, C, Node.js, Python, and Java, and we’ve added support for the Moby container management system. Additionally, we’ve released a Device Provisioning Service that enables you to provision tens of thousands of devices with zero touch. The new Security Manager for Azure IoT Edge acts as a well-bounded security core for protecting the IoT Edge device and all its components by abstracting the secure silicon hardware.

Azure IoT Edge customers like Schneider Electric and a farmer in Carnation, Washington are building sophisticated solutions that deliver real-time insights in areas with unreliable connectivity. Now that the solution is production-ready, with enhanced features, we can’t wait to see what else you build.

Azure global infrastructure

New Azure regions

We continuously invest in our cloud infrastructure to give you more compute power to enable the intelligent cloud and intelligent edge. We’ve announced 54 Azure regions to help you deliver cloud services and apps to nearly every corner of the globe and to provide everything that’s needed to run mission-critical applications, across scenarios, with a full set of resiliency solutions.

Today, we expanded our Azure presence in China, one of the most dynamic cloud markets in the world, with two additional regions now generally available. We were the first international cloud provider in China in 2014 (in partnership with 21Vianet), and today’s announcement doubles the number of Azure regions available there. We continue to see immense opportunity in China for cloud services to fuel innovation and multinational corporations including Adobe, Coke, Costco, Daimler, Ford, Nuance, P&G, and Toyota, which are choosing our intelligent cloud services to help deliver for their customers in China. This builds on our recently announced plans to expand our cloud infrastructure in Europe and the Middle East and announced plans for new regions coming to Norway

We’re also constantly increasing Azure’s resiliency capabilities with the addition of new Azure Availability Zones. Our Availability Zone in the Netherlands is now generally available, adding to the Zones already available in Iowa and Paris. The combination of region pairs and Availability Zones not only increases Azure’s resiliency capabilities, but broadens customer choice for business continuity architectures and delivers an industry-leading SLA for virtual machines.

It’s an exciting future

It was great to see all of you at GeekWire Cloud Tech Summit today. For those of you who weren’t able to be there live, you can follow along online. As always, we will continue to focus on building the technologies you need to drive innovation and disruption with the intelligent cloud and intelligent edge. Let us know what you think about these new solutions by sharing your feedback and comments.

Mobile app machine learning imagines a bigger future with Swift

BOSTON — Recent advancements in the iOS development community aimed at simplifying AI models with Swift have opened up the potential of mobile app machine learning.

Users have come to expect mobile app machine learning to be a part of every technological interaction they have on their phones, and developers should consider implementing machine learning into their apps’ features. Here at this week’s SwiftFest event, developers discussed how machine learning reached this point, the future of mobile app machine learning with Apple’s Swift development language for iOS and how it can be applied.

Why does machine learning matter for mobile?

By creating a machine learning model, mobile app developers can create applications to do more without developers individually programming every action and reaction. Machine learning technology can see the rules that shape a pattern and predict future events, while people are limited by their own imaginations, said Ray Deck, CTO of Element55, a time-tracking software provider in Cambridge, Mass, in a session.

The challenging part of creating an AI model in the past has been collecting the quantity of examples a machine needs to correctly identify what it is seeing. For example, if the technology needs to correctly identify one person from an image, it would need to collect a proportional number of images to the size of the neural-network model developers were creating.

About five years ago, a breakthrough in organizing neural networks — deep learning — created a faster way to write models more accurately. This opened the way for computers to begin to accurately predict patterns or identify subjects through machine learning models.

“If we just try to write these models ourselves, we won’t get it right,” Deck said.

Why could Swift be the future of AI?

The future of machine learning may be on the side of Swift developers. With the release of several new software development frameworks — Swift for TensorFlow and Apple’s own Core ML 2 and Create ML — developers do not need to know as much to incorporate mobile app machine learning.

“Machine learning is more accessible with the latest releases of iOS that they have been doing, and it invites me to explore more and try to use some of that technology in our apps,” said Jaime Santana Ruelas, a software engineer at Cisco.

Swift is defining a new golden path of usability.
Ray DeckCTO of Element55

In March, the Swift for TensorFlow team at Google announced its open source project. Python has been leading the way in TensorFlow, despite TensorFlow being written in C++ — a variant of Objective-C, which lends its runtime library to Swift. Creating models with Python is slow, however, and with Swift for TensorFlow, developers can have more creativity when building AI models, Deck said.

“You get that high-level language experience of Swift and that compile performance associated with the runtime, creating a more natural connection, because you are compiling straight into [TensorFlow],” he said.

This month, Apple announced Create ML and Core ML 2 to simplify the creation and implementation of app machine learning models. Create ML enables developers to create machine learning models more easily in Swift through more of a drag-and-drop experience. Plus, developers don’t need to have as much technical knowledge to use Create ML. Core ML 2 boasts faster processing speeds and a smaller model size to implement AI models into apps.

“Swift is defining a new golden path of usability for consumption and creation and potentially advancing the vanguard of automatic differentiation,” Deck said. “The most powerful models may yet to come.”

What can mobile app machine learning do?

In an interview after the session, Deck said app machine learning has been growing based on two factors: the supply increasing quickly due to better techniques developed to create AI and the demand users have for the promise of AI.

“The promise of AI is that we’re carrying not just a camera, but an eye in our pocket, [for example], and being able to have software make decisions based on what we see or an advanced understanding of it,” he said. “It helps people make better decisions.”

People already use AI technology in their fitness watches. Mobile apps could take this further by aggregating data to predict health risks and warn users if they are following a path that models previously predicted would lead others to be taken to the emergency room. In the enterprise, mobile app machine learning could help business travelers get a ride or put email messages in spam folders.

App machine learning can also allow devices to respond to people’s voices. Martin Mitrevski, a technical lead at Netcetera, a software company in Switzerland, works with AI to create conversational user interfaces that can complete tasks, such as creating a list from voice commands.

“Anything you can imagine can be made smarter with AI,” Mitrevski said. “Pretty much any industry will be disrupted with AI and machine learning.”

‘There’s nothing wrong who you are’: Michelle Chen’s journey to live more freely in her own skin – Microsoft Life

Surrounded for the first time by a supportive culture and a community of LGBTQ+ friends, this software engineer is unlocking the key to self-acceptance

By Candace Whitney-Morris

Michelle Chen knew she was gay long before she came out. Growing up, she found it hard enough to admit to herself, let alone to say it out loud for others.

In high school, people would tease her with questions like, “Are you sure you’re straight?” Ever since grade school when she had to defend her choice to wear “boy’s” clothes and keep her hair short, she had to be quick on her toes, ready with reassurances. She’d reply, “Oh yeah, I’m straight! I have a crush on so-and-so. Don’t worry.”

Chen wasn’t ready to come out in high school, and the small town she grew up in wasn’t ready for her to come out, either. Neither were her traditional, Chinese parents.

“Any sexuality that isn’t straight is not accepted at all,” Chen explained of her family’s beliefs. “You have to conform to what everyone else looks like. You have to find a husband, have kids. That’s just your purpose.

“Even my parents believed that female children were lesser than male children. Navigating that space was really difficult for me growing up, because not only were they like, ‘Oh you have to have kids,’ but they were like, ‘You have to marry a Chinese man.’”

Chen decided to take her time before telling them that she was gay; she’d move away and get a job first.

In the meantime, the hiding was taking its toll: deep down Chen grew full of self-loathing, hating that she couldn’t conform to people’s expectations and suspicious that something was wrong with her.

The first taste of self-acceptance came during college where she met and befriended other lesbians. One summer, she traveled to New York City and experienced her first Pride parade.

“I saw everyone dressed however they wanted to dress; no one felt ashamed of anything,” she said. “I knew right then that I wanted to live my life this way, that I wanted to be as happy as these people.”

A fellow college student encouraged Chen to think about interning at Microsoft and then referred her and helped coach her through the interview process. The same year that Chen decided to come out, she got the internship and headed to Seattle for the summer.

“I was so excited, partly because I knew Seattle was super gay,” she said, laughing. She hoped that meant she could live more out in the open.

“When I came to Microsoft, I felt like I had found my place,” she said. Right away, Chen joined GLEAM, the LGBTQ+ employee resource group at Microsoft that, among other things, provides mentorship to new interns who identify as LGBTQ+.

She interned again the next summer, and now one year later, she works at Microsoft as a software engineer. Although Chen didn’t originally know anyone in Seattle, she quickly made friends through GLEAM and in her neighborhood of Capitol Hill. “Now, almost all my friends are queer, and I see most of them every day.”

“When I came to Microsoft, I felt like I had found my place.”

The same year she started at Microsoft, she decided it was time to come out to her mother. As she dialed the phone, she gave herself a pep talk: “OK, Michelle, now’s the time. You are going to come out.”

Chen’s mom answered with, “I heard you got a septum ring.”

Michelle ChenTaken off guard, Chen said, “What? Who told you that? How do you know these things?”

Her mom responded that she had her sources. “There are people in this town that tell me things.”

Chen was so frustrated that she just blurted out, “Oh, did they tell you I’m gay, too?”

“Wait, what?” her mom said, shocked. It took a minute for the news to sink in.

Chen recalled, laughing, “I mean, it was kind of nice because it took the focus off the septum ring.”

But then her mother said something Chen will never forget: “Oh, no, no, no. You should change. I can’t believe it. This must’ve been something I did wrong.”

Although Chen was not expecting an approving response, “it was still pretty shocking to hear from my own mother,” she said.

It has been a few months since that phone call, and while Chen and her mother maintain contact, she told her mom that she can’t visit her in Seattle until she’s comfortable with her daughter’s sexual orientation.

“It’s not something I can just sweep under the rug anymore,” she said. “I’d rather be happy than hide my true self.”

Chen doesn’t regret waiting to tell her parents, and she hopes to encourage others to take their time.

“I had to get outside of my small town and see that being LGBTQ+ is not a bad thing. It’s not shameful. There’s nothing wrong with dressing the way that you want to dress.

“There’s nothing wrong with who you are.”

Meet more Microsoft employees who are changing hearts and minds and advancing human rights.

See how Microsoft is celebrating Pride 2018 and how you can be an ally.

Learn how Microsoft and its LGBTQ+ employees push for change across borders.

‘There are great things out there for you’: Q Johnson went from having to hide parts of herself to helping others embrace who they are – Microsoft Life

The Microsoft retail store employee faced a lack of acceptance until she found a community and the support to be herself 

By Natalie Singer-Velush

Q Johnson knows what it’s like to not be fully accepted for who you are. She felt the tension as a teenager, growing up in a family that didn’t tolerate the idea of same-sex love. After she graduated high school, her mother found out she was gay. “She told me, ‘That’s not allowed in my house. If you’re going do that, you need to leave,’” Johnson said. When Johnson returned from a trip out of town, she found that she’d been locked out of the house. She couldn’t get her belongings, and she had nowhere to go.

Then Johnson had to conceal her reality while she was homeless, living in her car and trying to get back on her feet after being rejected by her family. When few people were around, she would shower at night at her 24-hour gym, hiding her homelessness, and she ate meals at her job at a fast-food restaurant.

Not long after that, Johnson met the love of her life and joined the military. But in 2011, prior to the US Supreme Court’s 2013 reversal of the federal Defense of Marriage Act, her marriage to her wife wasn’t recognized. So, she was required to live on base in the barracks with other unmarried soldiers. She kept an apartment off base with her new family—her wife and daughter—walking a tenuous line between desperately wanting to be fully herself and having to be the pretend version of herself that was required to do her job.

Eventually, her hidden life was discovered, and to be with her family Johnson left the military and her identity serving her country behind.

She decided she would try to reinvent herself in Oklahoma City, where she grew up, and maybe this time things would be different.

“Technology’s always been a passion of mine,” Johnson said. “I saw an inventory control position open at a Microsoft store, and I applied. I’ve been here two years. Coming into a new job, you’re nervous; you don’t know what to expect. Right when I interviewed I learned someone I would be working closely with is a lesbian. So I was like, it’s ok. I was relaxed—at ease, you know? I later learned other people working around me were gay, too. It was a relief.”

It was the first time in a very long time that she felt accepted for who she was, that she felt like she could just be Q.

“I felt like I could come in and be myself. I didn’t have to worry about judgment from my family anymore.

“You shouldn’t have to go to work pretending to be something you’re not. I shouldn’t have to be ashamed of being married to someone of the same sex. I should be able to come in and say, ‘This is my wife. This is my daughter.’ Here, I’m comfortable being myself.”

Now Johnson speaks to groups of LGBTQ+ military members and veterans, who often attend anonymously, telling them her story and helping them see that it’s possible to come out of hiding, to live a happy life and be fully accepted.

“There are people out there facing similar things. Talk to them; get that support. Don’t give up on your life because there are great things out there for you.”

“There are people who suffer from PTSD of all different types, who face the same things I face. I can go share my story and just, you know, just be human,” she said.

“It took me a long time to be able to share my story without crying. And it was my wife who told me, ‘You know, if you let it out you might feel better.’ And I thought, well if I’m going to let [my feelings] out, maybe there are other people who feel like me. Talking about these experiences with veterans is so important. It’s giving something back to them, after they serve their country.

“Being able to walk into a room and not be judged is so important. Because that’s who we are at the end of the day.”

Nowadays, Johnson says, she finds strength from her struggles and feels empowered to help others around her as much as she can. And she’s done hiding.

“I would say to anybody going through the same types of things I went through: Just one day at a time. It may be tough, whatever the situation is. But don’t get your hopes down, because it gets better. There are people out there facing similar things. Talk to them; get that support. Don’t give up on your life because there are great things out there for you.”