Women's security conference touches all bases

Privacy, legislation, hacking, risk management and intrusion detection will be high on the agenda at the Executive Women's Forum on Information Security Sept. 10-12 in Fort Myers, Fla. Influential women in IT will discuss the most challenging issues facing information security today. In this interview, Hilarie Orman, founder and CEO of Purple Streak, a provider of enterprise cryptography solutions in Salem, Utah, and panelist for a session titled "Government's Role, Then & Now" at the Executive Women's Forum, talks about her career and the state of information security. A graduate of MIT with a Bachelor of Science in mathematics, Orman has extensive experience in information security. She's worked in research and development for various organizations, including the University of Arizona and Provo, Utah-based Novell's Volera division, a provider of information security products.

Could you provide some examples of 'clueless legislation?'
Clueless legislation includes the current toothless antispam laws, WIPO [World Intellectual Property Organization], which stifles use of digital media, and Sen. Orrin Hatch's belief that illegal downloaders should have their computers destroyed. Good legislation levels the playing field for businesses and fosters innovation, like legislation that allows digital signatures for contracts.

How did you become involved with information security?
I became a computer programmer, and I fell into operating system work and networking and was lucky enough to work on an early secure operating system for networking. That involved all kinds of things -- very high quality programming, analysis, cryptography and formal verification. So, through that, I met people who were working on interesting problems and just retained an association with them in the field.

What do you see as the biggest challenge to being a woman in information security? Or maybe you don't view yourself in this manner?
Well, I didn't for a long time view myself as a 'woman' in information security. In fact, it was my observation for a long time that it wasn't particularly unusual to be a woman in computer security. This was, though, 20 years ago. And having gone to MIT 30 years ago, I certainly knew what it was like to be the only woman in a classroom or auditorium, so I felt that information security was a fairly female-friendly field for a while.

Now I think the challenge that's come up is that it's much more a day-to-day adversarial field where you're trying to, in essence, dissuade attacks from teenage boys [from] all over the world. And I think that has given it a much more male kind of influence. I think that there's an image problem for a woman in this field. They'll say, 'Oh, maybe you know some mathematical stuff, but the real nitty-gritty of protecting my server from a hacker, do you know that?'

What role should the government play in setting standards?
The National Institute of Standards and Technology is an example. They set standards for cryptography and authentication for the government, but they're available for industry if they want to voluntarily adopt them. I think that's an excellent use of standards, and that could be widened quite a bit.

So it's really a problem of deploying a solution? All the tools are there to meet it; it's just a question of can you get them?
Tools are there. Whether or not they're non-draconian tools is another question. And I think that is one challenge -- making the solutions practical, so that they actually save people trouble rather than just causing them false alarms.

But the other major challenge is the Internet. And it's very vulnerable. There are many solutions, but there is no overall plan or solution. And it remains an extremely fragile and vulnerable infrastructure.

Do you think federal legislation advances or hinders information security?
Well, as with all legislation, it's double-edged. One of the points that I'm going to make in the panel is that clueless legislation is extremely harmful, and we've certainly seen some examples of clueless legislation. On the other hand, it's a learning process for everyone, even for legislators and for practitioners who have to deal with the consequences of legislation. Some of it is definitely helpful, but I think it focuses far too much on protecting business interests. Legislative momentum is for protecting particular kinds of business on the Internet rather than the Internet.

What do you see as some of the biggest threats and obstacles to information security?
There's a lot of talk about insider breaches and how your workers are the weakest link. They're the biggest threat to security.

Well, [workers] certainly are. That's true. And that is a challenge information security is prepared to face, but not many people want to deploy the solutions. And I think that's coming along, but it's very slow. This is a decades-long process.

Do you have any advice for young women interested in entering the security field?
My advice is don't be distracted by hacking. [Information security] is a highly analytical field. This is especially important for young women to understand. There are extremely interesting problems in the field, and [it's important] to view it as a high quality analytical exercise, not a game.

Hacking often seems to be an aggressive and interesting game, but it is [a] usually simple-minded repetition of mischief. On the other hand, designing or deploying general and useful solutions is a challenging exercise, worthy of creative and analytic minds.
