Tag Archives: Diana

Diversity and cybercrime: Solving puzzles and stopping bad guys – Asia News Center

Diana Kelley bristles at suggestions that cybersecurity is a dry or dull career choice – after all, she’s dedicated most of her working life to protecting data and blocking digital wrongdoers.

“I think it is the most interesting part of IT. It can be a fascinating puzzle to solve. It can be like a murder mystery on that show, ‘Law & Order,’ except that when they find a dead body, we find a network breach,” she says.

“As we investigate, we go back through all these twists and turns. And, sometimes we discover that the real culprit isn’t the one we had suspected at the beginning.”

As Microsoft’s global Cybersecurity Field Chief Technology Officer, she wants to erase misconceptions that might be stopping people from more walks of life from entering her profession – which, she argues, needs new ways of thinking and innovating.

Successful companies know that by building diversity and inclusion within their ranks, they can better understand and serve their many and varied customers. Cybersecurity teams need to read from the same playbook so they can better anticipate and block attacks launched by all kinds of people from all sorts of places.

“Cybercriminals come from different backgrounds and geo-locations and have different mindsets,” Kelley says. “They collaborate and use very diverse attack techniques to come after individuals, companies, and countries. So, it helps us also to have a very diverse set of protection and controls to stop them.”

Knowing how attackers might think and act can be difficult for any cybersecurity team, particularly if it is made up of people from similar backgrounds with similar viewpoints. It is the kind of conformity that can even lead to a sort of “groupthink,” which results in blind spots and unintended bias.

The power of different viewpoints

“If people think in the same ways again and again, they are going to come up with the same answers. This only stops when different viewpoints are raised, and different questions are heard.”

Kelley says attackers come from, and operate in, many different environments, and cybersecurity teams need to match this diversity as much as they can. However, the make-up of today’s international cybersecurity community remains surprisingly homogenous.

“About 90 percent are men and, depending on where you are in the world, they are often white men,” she says. “In Asia, it tends to be a little worse. Only about nine percent are women.”

The need for change comes amid unprecedented demand for cybersecurity and a chronic shortage of skilled specialists across the world. Kelley sees this as an opportunity.

“We’ve got this big gap in hiring, so why not create a more diverse and inclusive community of people working on the problem?” she said in an interview on her recent visit to Singapore, one of many global cities vying for talent in the sector.

One major concern is gender imbalance. Even though many well-paying jobs are up for grabs, relatively few women are taking up, and staying in, cybersecurity roles.

Fixing the gender imbalance

“When I got into the field almost 30 years ago, women had very low representation in computer science in general,” Kelley says. “Back then, I just assumed it would change over time. But it hasn’t.”

Studies show that girls often drop out of STEM (science, technology, engineering, and math) subjects in middle or high school. Some women university graduates do enter the profession. But a lot end up leaving – many for cultural reasons in the workplace.

“There is a high attrition rate. We need to promote the value of studying STEM. And, we also need to work for the people who are in the field now by creating inclusive work environments.”

Kelley joined Microsoft about two years ago. Since then, she has been struck by its strong culture of respecting diverse viewpoints and encouraging inclusion – things she hasn’t seen stressed in some other companies.

“Not every idea is a great idea. But that doesn’t mean it should be mocked or dismissed. It should be respected as an idea. I have spoken to some women elsewhere who say because they didn’t feel heard or respected, they didn’t want to stay in IT.”

Bringing in all sorts of people

Kelley says more can be done to build up diversity and inclusion beyond fixing the gender mix. Again, she is impressed by Microsoft’s efforts. “Yes, we need to engage more women. But we also need to bring in all sorts of people from different social and career backgrounds.

“For instance, our team – the Cybersecurity Solution Group at Microsoft – is looking for people who may not have worked in cybersecurity in the past, but have a great interest (in technology) as well as other talents. So we are creating diversity that way too.”

Kelley recounts her own sideways entry into the field. She fell in love with computers and software during her teens when she discovered for herself how vulnerable networks at the time could be.

Later she graduated from university with a very non-techie qualification: a degree in English. Her first few jobs were editorial roles, but being tech-savvy soon meant she became the “go-to IT guy” in her office.

“Finally someone said to me, ‘Hey, you know what? IT is your calling, and we are hiring.’ So, what had been a hobby for me then became a career.”

She eventually moved into cybersecurity after an intruder broke into a network she had just built. “I pivoted from being a network and software person to someone very much focused on creating secure and resilient architectures and networks to thwart the bad guys.”

We need diverse thinkers

Looking to the future, she wants a broader pool of job seekers to consider careers in cybersecurity, even if they did not like STEM at school.

“We need diverse thinkers … people who understand psychology, for example, who can help understand the mindsets behind these attacks. We need great legal minds to help with ethics and privacy. And, political minds who understand lobbying.”

The cybersecurity world needs individuals who are altruistic and have a little more. “We go into this field because we want to do the right thing and protect people and protect data. That is a critical part. And, it also really helps to have a sort of a ‘tinkering mindset.’”

She explains that when cybersecurity professionals create systems, they also have to produce threat models. To do that, they need to think about, ‘What if I was a bad guy? What if I was trying to take this apart? How could it be taken apart?’ That is the point where they can start to work out how to make their system more attack resistant.

Meanwhile, she is eager to debunk a few myths swirling around the subject of cybercrime.

For starters, the days of the smart lone wolf kid in a hoodie hacking for fun from his bedroom are more or less over. Nowadays, only a tiny minority of perpetrators cause digital mischief and embarrassment just for the bragging rights or are “hacktivists” who want to advance social or environmental causes.

Ominously, there are sophisticated state-sponsored actors targeting the vulnerabilities of rival powers. Governments around the world are rightly worried about their citizens’ data. But they also fear for the security of vital infrastructure, like power grids and transport systems. Accordingly, military strategists now rate cyber as a field of warfare alongside land, sea, and air.

That said, most of the bad guys are simply in it for the money and do not deserve the glory and headlines they sometimes get.

“They are not glamorous. Many are in big criminal syndicates that just want to grab our data – hurting us and hurting our loved ones.”

Author: Microsoft News Center

Building the security operations center of tomorrow—harnessing the law of data gravity

This post was coauthored by Diana Kelley, Cybersecurity Field CTO, and , EMEA Chief Security Advisor, Cybersecurity Solutions Group.

You’ve got a big dinner planned and your dishwasher goes on the fritz. You call the repair company and are lucky enough to get an appointment for that afternoon. The repairperson shows up and says, “Yes, it’s broken, but to figure out why I will need to run some tests.” They start to remove your dishwasher from the outlet. “What are you doing?” you ask. “I’m taking it back to our repair shop for analysis and then repair,” they reply. At this point, you’re annoyed. You have a big party in three hours, and taking the dishwasher all the way back to the shop for analysis means someone will be washing dishes by hand after your party—why not test it right here and right now so it can be fixed on the spot?

Now, imagine the dishwasher is critical business data located throughout your organization. Sending all that data to a centralized location for analysis will give you insights, eventually, but not when you really need them, which is now. In cases where the data is extremely large, you may not be able to move it at all. Instead, it makes more sense to bring services and applications to your data. This is at the heart of a concept called “data gravity,” described by Dave McCrory back in 2010. Much like a planet, your data has mass, and the bigger that mass, the greater its gravitational pull, or gravity well, and the more likely that apps and services are drawn to it. Gravitational movement is accelerated when bandwidth and latency are at a premium, because the closer you are to something the faster you can process and act on it. This is the big driver of the intelligent cloud/intelligent edge. We bring analytics and compute to connected devices to make use of all the data they collect in near real-time.

But what might not be so obvious is what, if anything, data gravity has to do with cybersecurity and the security operations center (SOC) of tomorrow. To have that discussion, let’s step back and look at the traditional SOCs, built on security information and event management (SIEM) solutions developed at the turn of the century. The very first SIEM solutions were predominantly focused on log aggregation. Log information from core security tools like firewalls, intrusion detection systems, and anti-virus/malware tools was collected from all over a company and moved to a single repository for processing.

That may not sound super exciting from our current vantage point of 2018, but back in 2000 it was groundbreaking. Admins were struggling with an increasing number of security tools, and the ever-expanding logs from those tools. Early SIEM solutions gave them a way to collect all that data and apply security intelligence and analytics to it. The hope was that if we could gather all relevant security log and reporting data into one place, we could apply rules and quickly gather insights about threats to our systems and security situational awareness. In a way this was anti-data gravity, where data moved to the applications and services rather than vice versa.

After the initial “hype” for SIEM solutions, SOC managers realized a few of their limitations. Trying to write rules for security analytics proved to be quite hard. A minor error in a rule led to high false positives that ate into analyst investigative time. Many companies were unable to get all the critical log data into the SIEM, leading to false negatives and expensive blind spots. And one of the biggest concerns with traditional SIEM was the latency. SIEM solutions were marketed as “real-time” analytics, but once an action was written to a log, collected, sent to the SIEM, and then parsed through the SIEM analytics engine, quite a bit of latency was introduced. When it comes to responding to fast moving cyberthreats, latency is a distinct disadvantage.

Now think about these challenges and add the explosive amounts of data generated today by the cloud and millions of connected devices. In this environment it’s not uncommon that threat campaigns go unnoticed by an overloaded SIEM analytics engine. And many of the signals that do get through are not investigated because the security analysts are overworked. Which brings us back to data gravity.

What was one of the forcing factors for data gravity? Low tolerance for latency. What was the other? Building applications by applying insights and machine learning to data. So how can we build the SOC of tomorrow? By respecting the law of data gravity. If we can perform security analytics close to where the data already is, we can increase the speed of response. This doesn’t mean the end of aggregation. Tomorrow’s SOC will employ a hybrid approach by performing analytics as close to the data mass as possible, and then rolling up insights, as needed, to a larger central SOC repository for additional analysis and insight across different gravity wells.
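An added sketch of the hybrid model described above (not code from the original post): each site reduces its own failed-login events to a few insight records, and only those records are rolled up for correlation across sites. The event format, thresholds, site names and function names are assumptions made for illustration.

```python
from collections import defaultdict

def make_events(src, n, outcome="fail"):
    # Constructed sample records: (source_ip, username, outcome)
    return [(src, f"user{i}", outcome) for i in range(n)]

# Constructed data for three "gravity wells"; addresses are documentation ranges.
WELLS = {
    "site-a": make_events("198.51.100.7", 4) + make_events("192.0.2.10", 20, "ok")
              + make_events("192.0.2.11", 1),
    "site-b": make_events("198.51.100.7", 3) + make_events("203.0.113.5", 5)
              + make_events("192.0.2.20", 15, "ok"),
    "site-c": make_events("198.51.100.7", 3) + make_events("192.0.2.30", 25, "ok"),
}

def local_insights(site, events, min_fails=3):
    """Runs next to the data: reduce raw events to one record per noisy source."""
    fails, users = defaultdict(int), defaultdict(set)
    for src, user, outcome in events:
        if outcome == "fail":
            fails[src] += 1
            users[src].add(user)
    return [{"site": site, "src": s, "fails": n, "users": len(users[s])}
            for s, n in sorted(fails.items()) if n >= min_fails]

def central_rollup(insights, min_sites=2):
    """Runs in the central SOC: correlate the small insight records across wells."""
    by_src = defaultdict(list)
    for rec in insights:
        by_src[rec["src"]].append(rec)
    return {src: {"sites": sorted(r["site"] for r in recs),
                  "fails": sum(r["fails"] for r in recs)}
            for src, recs in by_src.items() if len(recs) >= min_sites}

def run():
    insights = [rec for site, ev in WELLS.items() for rec in local_insights(site, ev)]
    raw = sum(len(ev) for ev in WELLS.values())
    return raw, insights, central_rollup(insights)

if __name__ == "__main__":
    raw, insights, campaigns = run()
    print(f"{raw} raw events stayed local; {len(insights)} insights rolled up")
    print(campaigns)
```

The source that stays under any single site's radar is the one the central correlation surfaces, while the raw events never leave their site.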

Does this sound like an intriguing idea? We think so. Being practitioners, though, we most appreciate when great theories can be turned into real-world implementations. Please stay tuned for part 2 of this blog series, where we take the concept of tomorrow’s SOC and data gravity into practice for today.

‘Wonder Woman’ now available in the Windows Store 3 weeks before it’s on Blu-ray – The Fire Hose

Before she was “Wonder Woman,” she was Diana, Amazon princess. Raised in a secluded paradise as a fierce warrior, Diana (Gal Gadot) receives news of a terrible war in the outside world and leaves home to join the fight.

Patty Jenkins’ highly acclaimed blockbuster is now available in the Movies & TV section of the Windows Store, three weeks before it arrives on Blu-ray.


Athima Chansanchai
Microsoft News Center Staff
