A couple of weeks ago, DEFCON Toronto founder Nick Aleks messaged me on Twitter, out of the blue. He invited me to be a panelist for their Women Who Hack event. DEFCON Toronto started only about a year ago, and I had yet to attend any of their meetings, so I was really excited about the opportunity.
The meeting features women who work in cybersecurity. I've been doing an interview series for Tripwire's State of Security blog about that topic, so I really felt in my element. I've met so many amazing women in my field, so I was hyped to meet a few more.
Enhancing Threat Intelligence
The event started with a talk by cybersecurity consultant Cheryl Biswas. Her presentation was on Enhancing Threat Intelligence.
Threat intelligence is a matter that overwhelms datacenters, even when they have the best security information and event management (SIEM) systems and log analysis software. One of the biggest issues is that you need intrusion detection system (IDS) sensors, firewalls, and other network security appliances to cover the scope that you're responsible for. To be more likely to catch more threats, sensors need greater data capacity, and you also need more logs from many of your network components.
But casting wider nets means catching more garbage in your fish hauls - usually in the form of false positive alerts. False positives are a constant challenge, and having to sort through many of them every day to find true positives is something security practitioners cannot completely avoid. Plus, sometimes determining your scope in the first place can take some work.
Prioritize Your Own Data First
Cheryl had excellent advice: she emphasizes prioritizing your own data, first and foremost. Data that you've collected in systems you've configured yourself is always the most reliable. Then, analyze third-party data with even greater care.
She also mentioned how it’s important to consider each alert that your monitoring software generates. The very mention of alerts can drive a network administrator batty, so she softened the blow with a picture of kittens, and this advice: “Each of them is important; handle them with care!” (Everything is better with kittens.)
On an edgier note, she went into the cyber kill chain, originally conceptualized by computer scientists at Lockheed Martin. It's all about how attacks progress in stages, she notes. If you can block an attack at an earlier stage through a control at that level, you're ahead of the game. It's a new concept to many information security professionals.
Introducing: Women Who Hack
Next up was the panel. Laura Payne is a Senior Information Security Advisor with the Bank of Montreal, and she has a lot of experience organizing cybersecurity events such as BSides Toronto. I first met her when I gave a talk there last October. She did a great job with hosting us panelists.
I was proud to be a part of a panel with such great minds in my field, including two women I met for the first time:
Sarah Qureshi got into cybersecurity by showing curiosity as a computer science student. She's been programming ever since she was a kid, so she really loves code. She's now been a professional for over fifteen years, with both private and public sector experience. Her specialities are software development, policy, privacy, and digital forensics.
Lisa Belanger has a really tough job, not only technically but also psychologically. She's a Toronto Police Detective who specializes in investigating online crime. Very often, she has to work with child pornography cases in Toronto Police Service's Child Exploitation Section of the Sex Crimes Unit.
Investigating child pornographers is a task that often traumatizes the professionals who have to work in that area. I admire Lisa's courage, quite frankly. It's not work that I could do. Also, she's a mother. I imagine that she considers her responsibility to be especially crucial. She's also worked in Toronto Police Service's general Computer Cyber Crimes unit. An important aspect of Lisa's job is to explain computer technology and digital evidence to judges and juries.
I'm Kim Crawley, and I've been writing about information security for many different websites and publications over the years. At the moment, I contribute to AlienVault's blog, Tripwire's State of Security blog, and now I'm thrilled to contribute to Cylance's blog as well. I love to write about all facets and niches of cybersecurity, but I especially enjoy writing about the human element of computer technological danger.
Laura had some excellent questions for us. She asked us about how we got into our field and what challenges we may have faced on our way. My background has parallels with Sarah's - we were both computer nerds as little girls and people have discouraged us over the years due to our gender. Sarah obviously has a lot more experience with programming, whereas I can just do simple things with Python, web development, and general OS configuration scripting.
All three of us were asked what we were proudest of. Lisa has been instrumental in getting some harmful people behind bars, and she was awarded Investigator of the Year for Project Spade.
When it was my turn, I named some articles I've written recently that I'm very pleased with. I mentioned what I've written about quantum networking, my Women In Information Security series, of which Cheryl Biswas was one of my many interview subjects, stuff I've written for 2600 Magazine about hacker culture, and my UX design vulnerability article for AlienVault.
I'd like to thank Nick Aleks and the rest of the DEFCON Toronto team, Laura Payne, Women Who Code Toronto, and Pivotal Labs for an amazing event. It was fun, and I'll be back!
VIDEO: DEFCON Toronto Women Who Hack (Part 1/2)
VIDEO: DEFCON Toronto Women Who Hack (Part 2/2)
VIDEO: Cheryl Biswas Speaks on Enhancing Threat Intelligence