After nearly a decade as an astronomer, Dr Leila Powell wanted a change: I enjoyed the type of work I was doing but I started to feel that I wanted to do something where it would impact people's daily lives a bit more. Powell enjoyed the technical aspects of astronomy but wanted to put her skills to work outside of academia.
Much like astrophysics there are few traditional routes into cybersecurity, perhaps because the industry hasn't been around long enough to develop traditions'.
Powell's route into cyber-security was data science - dealing with large data sets, analysing them and pulling out insights. In her previous line of work, questions of how you communicate those insights, make them accessible and ensure they can't be misinterpreted are critical. It was a lesson she kept in mind when she made the jump to IT security.
Powell decided that she wanted to work in a startup because there would be more opportunity to learn different things, it would be a bit more fast-paced, and maybe I could keep some of the aspects that I liked about academia working in small teams, working on future problems.
It was a twist of fate that Powell landed where she did: I just started looking at startups that I thought were interesting, and Panaseer was one of those that I found out about. At that point I thought, cyber-security, that sounds interesting, could be good.'
Powell was impressed by the refreshing maturity and expertise of her interviewers: The team had a lot of experience working inside cyber-security which can be unlike the typical start-up of young people starting a new App.
These were people who knew what they were doing already. I believed in them and the idea, and thought it would meet that need in me to help people because it's becoming such a pressing issue now, for everybody. And I ended up here 18 months ago.
Both astrophysics and cyber-security are very male dominated areas, so SC asked Powell how the two compared, and what particular issues had she faced as a woman?
Powell explain that astronomy in general had a slightly higher percentage of women than cyber-security - 25 percent on her University course - but it was a very low number when she worked in a niche area as a theorist analysing supercomputer simulations to study galaxy formation and evolution. There might be just me or one other woman in a room of 50 people and that's my experience in security as well.
As for issues faced, Powell says, I think I have been reasonably lucky in that I've got used to being in a male-dominated environment very young studying physics, and then astrophysics. Certainly you get lazy comments. If I go to a tech event, people just assume that you are in HR or marketing, and it's not meant in a bad way, it's just that assumption. Or in talks they will always refer to a generic CISO as He'. And things like that can create an impression that you are an anomaly."
I have also noticed that an all male group will communicate differently to a mixed group or female group. I know that, particularly early in my career, I made efforts to insist in getting my point in, rather than waiting for someone to allow me to speak. Now that may be a personality thing rather than a specific gender thing, but typically women are socialised to be a bit more polite, and a bit more reticent to come forward and stand by their views. It's something I've learnt to do being in the environment I've been in.
But Powell also recognises that her relatively mild encounters are not necessarily the experiences of others: If I see anything more significant I am quite shocked by it. I know this stuff happens, but I've been lucky.
Powell notes how at events it's not uncommon to hear comments about a woman speaker's appearance in the middle of a technical talk. You think to yourself, what on earth are you doing? Other people share your outrage but it still happens. They might say She was really great', and then add some other comments, and you'd think, just stop there.'
But Powell's not completely sold on the approaches taken to actually get more into security because, she says, even then women are pushed into non-technical roles, like communications: I am sure there are many men that have excellent communication skills, but aren't technical that might consider a career in security if they knew there were roles like HR, marketing, more organisational roles.
If it's a fact that cyber-security has a Techie' image, that puts off people that don't have those skills, then let's open that out to men as well. Let's make it a gender neutral call to the general public.
It's interesting that you see a deficit of men in' women's roles', caring and communicating professions and you see a dearth of women in technical roles. Cyber- security can't undo all that, but I think [you can promote] role models of women who are in technical roles.
Powell adds, You also need to make the environment welcoming to women, so it's not just getting them there, it's retaining them there.
Security data scientist?
Panaseer's aim is to provide insight for security stakeholders and companies into their security situation and to give them the information they need to make informed decisions about what should be done next.
Powell adds that it's important that different people get information which suits their role: From the CISO, to the Sec Ops Team, each position within an organisation will need to know about the same situation but different levels of detail. We need to provide the information they need to do their job efficiently and be well informed.
In short, deliver the right insight to the right person at the right time.
The biggest issue companies face, according to Powell, is lack of visibility: We have all these tools gathering data, but there's not really a coherent picture of what's going on and being able to even know what's on their estate.
A company may have up to 15 controls on their estate. There's a lot of information to take in, often in lots of different places. Powell's role, as a data scientist is essentially to look at that data and find ways to view, analyse it, and present it so there is a communication piece which is really important to present it such that people can really understand what's going on on their estate and know what to do next.
At the very beginning is Security Information and Event Management data, otherwise known as SIEM data, which has to be brought onto platforms; part of the role as a data scientist is to understand that data as well as model and clean it.
The quality of the data is crucial, so part of my role will be to be involved in that; to model, to make it the best it can be. The next stage is what analysis do we want to have?', what data sets can we put together to get more value than you would get if you had things separately.
The next question is how to analyse that data. That could be about enriching it with more information or you might want to know which region one of your assets is in, and bring that together with an asset database.
Data is then searched, analysed and new ideas are tried out. When you have something you can work with, production code is written to feed into the Panaseer platform. That platform then runs on the client's estate and generates information on a regular basis so that that the client can check it.
Powell told SC that the most challenging bit of that process can be simply getting the data depending on who owns the data and where it is actually stored, it can take time to attain.
Powell points out that, This first stage is where a lot of the challenges lie and it can be a real blocker to getting useful insight. And it can sometimes be better to get a data set that is more easily accessible and demonstrate some value quickly, and make one aspect of someone's job easier.
Providing technical information is all well and good for people to do their job, but ultimately they'll have to report up, justify budget and show how the security team is working.
But it's hard to report on something that hasn't happened, explains Powell, We have this idea of different levels of insight dependent on the stakeholder and it's not just the stakeholder, it's also the audience who they are reporting to, so for example, the CISO might be meeting with the vulnerability manager and discuss perhaps a lower level of detail, but if they then have to go and report to the CEO, they don't want to be showing them lists of vulnerabilities across the estate then things would relate more to policies, SLAs, and risk.
The information provides an indicator ahead of time, so the report may say, It's looking like you might not hit your KPIs next month, let's try to act now.' Whereas at the moment people don't have the visibility to even do that a lot of the time. It's about tailoring that information, personalising it, then they'll use that to decide its providing evidence for a decision.
Often, says Powell, it reinforces how people need to focus on getting the basics right so that they are protected from the threats we all know about that have been around for ages; do they know that what they have installed is actually working? If you start getting less data coming through do you know why are you getting fewer alerts? Because there are fewer threats or because something has gone wrong, been switched off, or half your estate isn't even scanning any more?
Regarding the role of AI, Powell comments, Machine learning is great, great set of algorithms, great at finding complex correlations in data that it would be challenging for a human to spot with pen and paper, but it really is just a set of techniques. It's not magic despite what a lot of marketing might have you believe.
There's always caveats, adds Powell. Machines tend to throw up a lot of results and within them will be a lot of false positives
As with anything like that there's always caveats. One of the issues is that machines will throw up a lot of results for you. You'll always have false positives in that. Things that will be flagged up as worthy of looking at but aren't actually anything. People in security are already bombarded with information from a plethora of different sources, but in order to make that noise intelligible, an analyst, needs to go and work out what is really valid.
So how has Powell found the career change? She told SC, The skills I am using are the same including visualisation and communication; people often say it's a strange transition and it is in some ways, but [less so] with the maths skills, analytic skills and communication skills, and you pick up a lot of domain knowledge as well.
Getting to be in a start-up is also interesting. When I came in I was number five and we're 19 now. It was really exciting being part of a new company, so I learnt a lot about how businesses work as well, how the progression of a start-up works. We're all kept in the loop about how things are doing, get involved in recruitment, attend start-up community events around Silicon Roundabout and are involved in all aspects.
It's not just big companies now that need security, its small businesses too. Powell concludes, The average person can now get Ransomware attacks and has almost no knowledge about what they might do in order to be secure and that does worry me. How would the average non-technically minded person protect themselves when they're not even aware they need to defend themselves?
I wanted to have this impact on people's daily lives, and while Panaseer is not directly helping the general public, it's helping companies be more secure it's all part of the same thing.
Now I feel like I am making that impact. It affects people personally which is what I was hoping for.
View original post here:
One giant leap for womankind - from astrophysics to IT security - SC Magazine UK
- Rotational spectra of isotopic species of methyl cyanide, CH_3CN, in their ground vibrational states up to terahertz frequencies [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Cosmological parameter extraction and biases from type Ia supernova magnitude evolution [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Continuous monitoring of pulse period variations in Hercules X-1 using Swift/BAT [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Constraining the ortho-to-para ratio of H{_2} with anomalous H{_2}CO absorption [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- A photometric and spectroscopic study of the new dwarf spheroidal galaxy in Hercules - Metallicity, velocities, and a clean list of RGB members [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Luminosities and mass-loss rates of SMC and LMC AGB stars and red supergiants [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Electron beam – plasma system with the return current and directivity of its X-ray emission [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- The propagation of the shock wave from a strong explosion in a plane-parallel stratified medium: the Kompaneets approximation [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Analysis of hydrogen-rich magnetic white dwarfs detected in the Sloan Digital Sky Survey [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Letter: Centaurus A as TeV \gamma-ray and possible UHE cosmic-ray source [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Young pre-low-mass X-ray binaries in the propeller phase - Nature of the 6.7-h periodic X-ray source 1E 161348-5055 in RCW 103 [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Radiative rates and electron impact excitation rates for transitions in Cr VIII [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Solar granulation from photosphere to low chromosphere observed in Ba II 4554 Å line [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Does the HD 209458 planetary system pose a challenge to the stellar atmosphere models? [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Effect of asymmetry of the radio source distribution on the apparent proper motion kinematic analysis [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Destriping CMB temperature and polarization maps [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Search for cold debris disks around M-dwarfs. II [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Precise data on Leonid fireballs from all-sky photographic records [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- An X-ray view of 82 LINERs with Chandra and XMM-Newton data [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Radio observations of ZwCl 2341.1+0000: a double radio relic cluster [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Candidate free-floating super-Jupiters in the young \sigma Orionis open cluster [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- The metallicity gradient as a tracer of history and structure: the Magellanic Clouds and M33 galaxies [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- XMMSL1 J060636.2-694933: an XMM-Newton slew discovery and Swift/Magellan follow up of a new classical nova in the LMC [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- The inner rim structures of protoplanetary discs [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- The solar Ba{\sf II} 4554 Å line as a Doppler diagnostic: NLTE analysis in 3D hydrodynamical model [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Magnetic evolution of superactive regions - Complexity and potentially unstable magnetic discontinuities [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Low-mass protostars and dense cores in different evolutionary stages in IRAS 00213+6530 [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- PMAS optical integral field spectroscopy of luminous infrared galaxies - I. The atlas [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- First AGILE catalog of high-confidence gamma-ray sources [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Radiative hydrodynamics simulations of red supergiant stars - I. interpretation of interferometric observations [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Extrasolar planets and brown dwarfs around A–F type stars - VII. \theta Cygni radial velocity variations: planets or stellar phenomenon? [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Cosmic rays and the magnetic field in the nearby starburst galaxy NGC 253 - II. The magnetic field structure [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Physical structure and water line spectrum predictions of the intermediate mass protostar OMC2-FIR4 [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- The bright galaxy population of five medium redshift clusters - II. Quantitative galaxy morphology [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Dust in brown dwarfs and extra-solar planets - II. Cloud formation for cosmologically evolving abundances [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- The quiet Sun magnetic field observed with ZIMPOL on THEMIS - I. The probability density function [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Complexity in the sunspot cycle [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Properties and nature of Be stars - 26. Long-term and orbital changes of \zeta Tauri [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- The massive Wolf-Rayet binary LSS 1964 (=WR 29) - II. The V light curve [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Supernova progenitor stars in the initial range of 23 to 33 solar masses and their relation with the SNR Cassiopeia A [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- The Hertzsprung-Russell Diagram of Star Clusters [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Table of the 10 Brightest stars within 10 Parsecs of the Sun [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- The Hertzsprung-Russell Diagram of the Nearest Stars [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Magnitude and Color in Astronomy [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Stellar Types [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Brown Dwarfs [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Spotting the Minimum [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- The Structure and Evolution of Brown Dwarfs [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- No Bang from the Big Bang Machine [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- The Sizes of the Stars and the Planets [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- An Implausible Light Thrust [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- the Masses of Degenerate Objects [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Degeneracy Pressure [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Introduction to Degenerate Objects [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- The Radii of Degenerate Objects [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- The Inevitability of Black Holes [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Scientific Pig-Out [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- The Neutrino Cooling of Degenerate Dwarfs [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- The Neutrino Cooling of Neutron Stars [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Overview of Supernovae [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Energetics of Thermonuclear Supernovae [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Thermonuclear Supernovae [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Nuclear Reactions in Thermonuclear Supernovae [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Core-Collapse Supernovae [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Neutrinos and SN 1987A [Last Updated On: November 8th, 2009] [Originally Added On: November 8th, 2009]
- Revealing the sub-AU asymmetries of the inner dust rim in the disk around the Herbig Ae star R Coronae Austrinae [Last Updated On: December 13th, 2009] [Originally Added On: December 13th, 2009]
- Probing the dust properties of galaxies up to submillimetre wavelengths - I. The spectral energy distribution of dwarf galaxies using LABOCA [Last Updated On: December 13th, 2009] [Originally Added On: December 13th, 2009]
- On the physical origin of the second solar spectrum of the Sc II line at 4247 Å [Last Updated On: December 13th, 2009] [Originally Added On: December 13th, 2009]
- On detecting the large separation in the autocorrelation of stellar oscillation times series [Last Updated On: December 13th, 2009] [Originally Added On: December 13th, 2009]
- Imaging the spotty surface of Betelgeuse in the H band [Last Updated On: December 13th, 2009] [Originally Added On: December 13th, 2009]
- Chandra observation of Cepheus A: the diffuse emission of HH 168 resolved [Last Updated On: December 13th, 2009] [Originally Added On: December 13th, 2009]
- A planetary eclipse map of CoRoT-2a - Comprehensive lightcurve modeling combining rotational-modulation and transits [Last Updated On: December 13th, 2009] [Originally Added On: December 13th, 2009]
- The chemical composition of carbon stars. The R-type stars [Last Updated On: December 13th, 2009] [Originally Added On: December 13th, 2009]
- Flow instabilities of magnetic flux tubes - IV. Flux storage in the solar overshoot region [Last Updated On: December 13th, 2009] [Originally Added On: December 13th, 2009]
- Fragmentation of a dynamically condensing radiative layer [Last Updated On: December 13th, 2009] [Originally Added On: December 13th, 2009]
- Temporal variations of the CaXIX spectra in solar flares [Last Updated On: December 13th, 2009] [Originally Added On: December 13th, 2009]
- Deuterium chemistry in the Orion Bar PDR - “Warm” chemistry starring CH_{2}D^+ [Last Updated On: December 13th, 2009] [Originally Added On: December 13th, 2009]
- Metal abundances in the cool cores of galaxy clusters [Last Updated On: December 13th, 2009] [Originally Added On: December 13th, 2009]
- The nature of the X-ray binary IGR J19294+1816 from INTEGRAL, RXTE, and Swift observations [Last Updated On: December 13th, 2009] [Originally Added On: December 13th, 2009]
- Relating basic properties of bright early-type dwarf galaxies to their location in Abell 901/902 [Last Updated On: December 13th, 2009] [Originally Added On: December 13th, 2009]