News / March 2020

CLTC Hosts Expert Panel at 4th Annual Women in Tech Symposium: Reimagining Cybersecurity for All

The 4th annual Women in Tech Symposium took place on Friday, March 6 at Sibley Auditorium on the UC Berkeley campus. The Women in Tech Initiative at UC Berkeley (WITI@UC) aims to increase the persistence and success of women in technical fields so that they are proportionately represented and equitably compensated throughout the professional ranks in industry, academia and the public sector.

This year’s symposium theme was “Reimagining Cybersecurity For All.” “Looking at topics where we saw a gap in women’s participation, cybersecurity clearly rose to the top,” said Camille Crittenden, WITI@UC co-founder and Executive Director of the CITRIS and Banatao Institute, in her welcoming remarks. “Women are significantly underrepresented. We wanted to highlight opportunities for women to join this growing field.”

Dawn Song
Dawn Song

Next to the stage was UC Berkeley Department of Electrical Engineering and Computer Science Professor Dawn Song who gave a presentation about her research on the urgent need for a framework for building a responsible data economy. Song laid out the regulatory and technological challenges that exist in the current data economy framework, and gave examples of techniques, technologies and policies her research group are developing to restructure it.  “I strongly believe that building a responsible data economy is critical for society and this requires a community effort,” said Song. “Let’s take on the big challenges together.”

The morning session of the agenda featured a fireside chat with Tsu-Jae King Liu, Professor in the College of Engineering at UC Berkeley and co-founder of WITI@UC, and Window Snyder, Chief Security Officer at Square. Snyder detailed the unique pathway of her career and some of her achievements along the way. “The most important thing I’ve done in my career is to demonstrate that privacy has value, and that there are other paths to be successful as a tech company beyond just collecting data because you may find use or value from it in the future. That was a hard justification to make at the time, but I’m really happy to see it as a direction the industry is moving in.”

Window Snyder (L) and Tsu-Jae King Liu (R)

The conversation moved to the lack of gender diversity in the tech industry today, where King Liu asked if Snyder felt there is a similar lack of gender diversity in cybersecurity. Snyder agreed that underrepresentation of people who identify as women in cybersecurity was an issue, but added that even when women are represented, they still receive less visibility than their male peers. “This is extremely frustrating for young women looking for someone to emulate as they consider their career paths,” said Snyder.  She went on to say that the value of having a network of women has been “immeasureable” to her career. “I cannot overestimate how influential it has been to my personal successs to have access to folks with diversity of experiences and expertise.”

As a proud co-sponsor of the symposium, CLTC helped organize the day’s first panel titled, “What’s at Stake? Global and Systemic Cyber Threats,” featuring a distinguished group of women at the forefront of the dynamic intersection between people and digital technologies. Panelists included: Aanchal Gupta, Head of Security in Calibra at Facebook; Michele Guel, Distinguished Engineer & IoT Security Strategist at CISCO Systems; Raluca Popa, Co-Founder of the RiseLab and Assistant Professor of Computer Science at UC Berkeley; Ashley Tolbert, Cybersecurity Engineer at Netflix; and Laura Bate, Director of Cyber Engagement at the U.S. Cyberspace Solarium Commission, who moderated the discussion.

From left to right: Laura Bate, Ashley Tolbert, Aanchal Gupta, Michele Guel, Raluca Popa

Bate introduced the panelists and invited them to elaborate on each of their unique backgrounds and the steps in their careers that have led them to the field of cybersecurity. Then each panelists discussed the main issues they see as the most systemic problems which need to be solved in the next five years. Gupta focused on ransomware and its evolution from “spray and prey” attack methods to criminals going after more high-value targets and data, as well as the risk to software supply chains. “As our reliance [on open-source, third party software] is increasing, attackers are also seeing this as an opportunity.”

“My area of focus has always been about the data and the challenges around value, volume and velocitythere’s so much more data,” said Guel. “For many organizations it’s very challenging for them to have a good handle on where their critical data stores are.” Assistant professor Popa complemented this threat by discussing how data servers and cloud infrastructures are persistently attacked. “We will never be able to write perfect software,” she said. “We’re still trying to build taller and taller walls to prevent attackers from breaking in, but we ought to assume that they will break in and be prepared even then.” Tolbert doubled down on the risk to supply chains and society’s reliance on integrated apps, while also highlighting the issue of data governance and a lack of clarity about who owns the responsibility for security in the supply chain.

“Lest we get lost in what the threat is, there’s really a lot of reason for hope,” said Bate as she transitioned the conversation from the challenges we’re up against to the advancements and solutions the panelists see in the field. Popa talked about the increasing importance of end-to-end encryption, and how her research group is working to make encryption more usable and adaptable for businesses to integrate security into their systems “from the ground up.”  The panel discussed how recent privacy regulations (i.e. GDPR, CCPA) have the potential to move industry in a smarter direction, but their effectiveness remains to be seen. “There is some basic hygiene we should all be doing that doesn’t require a huge amount of dollars for security at your organization,” said Gupta. “We fail as a tech sector and as individuals at patching” software updates because it’s an inconvenience to our daily work, but “having better patching hygiene as individuals and organzations is important.” Gupta also noted the practicality and mutual benefit of bug bounty programs for both organizations and security researchers to improve cybersecurity.

From left to right: Ashley Tolbert, Ann Cleaveland, Michele Guel, Laura Bate, Aanchal Gupta, Raluca Popa

Getting back to the symposium theme of “reimagining cybersecurity for all”, Bate asked the participants to reflect on the communities that inspire their work and what members of the audience can do to help these groups become more resilient to global or systemic threats. Gupta gave the real-life example of women in some regions of India who felt unsafe uploading their profile pictures for fear of abuse or political and religious backlash in order to explain how there is no “one-size-fits-all” cybersecurity solution and different groups have different security requirements. “Journalists and activists…need a different level of protection for their accounts,” she added. “Facebook has billions of users who have different risk profiles. If you’re only going to build in security tools based upon the major risk profile, you’re going to definitely leave the most vulnerable populations behind.” Tolbert focused on small businesses in countries with feeble infrastructure that don’t have the resources or funds to deploy some of the more expensive security tools on the market. She discussed being inspired by some of the “‘do-good-for-all’ organizations out there,” such as Let’s Encrypt, a free service doing “great things for the future of the Internet” by putting out free resources for the companies who can’t afford to protect themselves the same way larger enterprises can. “Support open-Internet communities,” Tolbert said to the audience. “We can all do our part to support these free, secure, open-source services.”

Before turning the panel over to a Q&A from the audience, Bate asked each participant to share a piece of advice to women in their early careers who might be inspired to work on some of these systemic problems. Popa reiterated the importance of building in security from the ground up as opposed to patching issues as they arise. “I would say to come in and ask questions versus take what everyone’s saying at face value, because sometimes…we don’t know,” said Tolbert. “Having fresh eyes helps expose security holes that a lot of peopel don’t know exist and will help us all get better.” Gupta alluded to the unique steps in her career path that inadvertently led her to transition to other dimensions of security. “Sometimes people think [being in security] requires a different set of skills, but that’s not entirely true,” she said. “We need all of you to be working in security.” Guel echoed that sentiment by adding that there is an extreme shortage of women in the industry and “we could use all of you in this room to learn different facets of cybersecurity.” Guel’s main piece of advice was about the importance for women to come together as a community to share ideas and support each other. “Especially in male-dominated places…if one [woman] wins, we all win.”

Watch a video of the full panel here.

A playlist of video recordings from the entire event is available here.