Sergey Nivens - Fotolia
Phyllis Schneck is a managing director at Promontory Financial Group, the regulatory consulting company IBM acquired in 2016. Schneck joined Promontory in early 2017 after working for the Obama administration. She was formerly deputy undersecretary for cybersecurity and communications in the Department of Homeland Security's National Protection and Programs Directorate, where she focused on work with private companies. Prior to that position, she was a vice president and CTO at McAfee.
Marcus Ranum caught up with Schneck to talk about her early years in computer science, space odyssey with her influential father, who worked for NASA, and why understanding fundamental algorithms -- think IBM Watson technology -- may be in your future.
How did you get pulled into the technical track?
Phyllis Schneck: My dad was a NASA computer scientist. My earliest memories are that he did operating systems for the Apollo. We were living in New York, and his office was at the Goddard Space Studies Institute above Tom's diner. He would bring home punch cards that I would rip up and draw on (and maybe eat). He brought home one of those terminals -- the kind from before they had screens; it formed the letters with heat, not with ink -- a Texas Instruments Silent 700 dot-matrix. It's probably in a museum somewhere. The thing would print all night, and I just loved to watch it. I loved going to his office and seeing ‘blinky' lights, and I decided this is what I wanted to do. And I never got bored of it.
How old were you then?
Did you study computing in school?
Schneck: Growing up, I always had that influence. I played competitive tennis every summer and did the things everyone else does, but I always had that at home, learning from him -- learning about astronomy, learning about computing. He would buy gadgets at museums and put them in the microwave until they exploded. … He was and still is a lot of fun. Then he went into the intelligence community, and I don't know what he did. He ran the supercomputer program for the NSA [National Security Agency] when I was in high school; that's all I know about that. He taught me how amazing it is to study science and that things are more fun when you understand how they work.
I always had that curiosity. I grew up in the age of early Pac-Man or late Atari, so I wanted it at home like every other kid. He said, ‘No, write the program yourself.' So I started on a Timex Sinclair ZX80 -- the kind you plug into your TV, with a tape recorder for storage -- and I wrote my first BASIC programs on that. I interned at NASA, too, when I was in high school. I loved the stuff, but it was more of a hobby; they didn't teach it in school -- I learned everything I know, I think, from my dad. He wouldn't get us the video games, but he would bankroll me and my friends all the quarters we wanted for an arcade -- he just wouldn't let it into the house. And now I have this old 1980s Pac-Man machine in my kitchen.
Computer security is applied curiosity.
Schneck: That's how I'm building my team here at Promontory. I bring in folks that have walked the walk; if you don't really understand how security works, you can't advise anyone. You have to understand from the bottom level up how things work. Let me give you an example: I hacked a few things when I was in high school, and my father went ape because he was working in the intelligence community. His first response was to take away my car keys and to say, ‘I'll give you back the keys, but I need to know what you did.' Then we had a long talk about ethics.
A conversation about ethics is more ‘how things work.'
Schneck: Yes, and ‘why it was wrong.' I didn't mean any harm, and in those days it wasn't really seen as bad. I just liked that you could make something happen on another machine from your bedroom.
Did that lead you into security? Did you define yourself as a system administrator or a programmer or anything like that?
Schneck: A geek that likes cars and country music. I studied computer science and math as an undergrad, then got a Ph.D. in computer science. When I went for the Ph.D. at Georgia Tech, I had a fellowship, but to make enough money to actually live and maintain my 15-year-old car, I had summer jobs. One of those was interning, and I wrote a lot of code for what was then called the Federal Telephone System (FTS 2000). That was my first experience with big data -- how to make machines churn through all the data the government had about phone usage. At the time there were three carriers, and we had to choose which combinations and costs were cheapest. When I was in grad school, one summer, I wound up working for another man in the same company who was one of the leaders in cryptography. We were looking at how we could make high-speed computing work for cryptography applications, and my first piece of work at Georgia Tech was high-speed computing for tornado forecasting: more putting data together quickly to build predictive models. The data's all there; it's what you do with it. It's like what people are doing with IBM Watson technology -- if you can do something more quickly, you can help a lot of people.
What I did was morph high-speed computing into cryptography applications. My thesis was on how to do the crypto operations fast enough and do it with the right performance allocation over multiple processors. I'm dating myself, but at that time it was a Sun SuperSPARC -- I started with a Silicon Graphics (SGI) on my desk and ended up on the SuperSPARC. We made it so you could have a movie or a videoconference without the encryption getting in the way; that's all been negated now with encryption in hardware. I can go home now.
And you're management now?
Schneck: Even with the big, long title that I had at DHS, and being called ma'am every day, I spent a lot of time with the operators. And we changed the way we do things to use the data that we have. That's how we caught the extent of the Office of Personnel Management breach. I'm proud of that and the fact that our teams are once again focused on good science.
What I like about management is having a say in where the company's going to go and helping people build careers. I've been so lucky; I want to help others.
Phyllis SchneckManaging director, Promontory Financial Group
What seems to me to be most important is early exposure to tech and something to spark your curiosity. It's the crucial opportunity.
Schneck: That's why I support the open source movement -- it was the first way that the whole world had a chance to put their talent into something. It's why I tell young people to try to get some fundamental hardcore computer science in their background -- it's helpful to understand the mistakes that happen. Today, you need to understand fundamental algorithms: Computers aren't smart, they're just fast, and you must be able to understand how that relates to what you're doing.
I tell young people to do something they want, not to go into the hot field -- do what you do because you really love it, because that's what you're going to be good at.
How data science jobs differ from business intelligence, analytics
Find out why homomorphic encryption is good for the enterprise
Despite shortage, experienced CISOs leave corporate roles
Dig Deeper on Information security certifications, training and jobs
IBM boosts vertical cloud push with financial services cloud
SCVX launches with $230M IPO, eyes cybersecurity acquisition
IBM admits poor storage results but promises to do better
Are companies with a SOC team less likely to get breached?