{"id":97633,"date":"2019-07-31T15:05:32","date_gmt":"2019-07-31T15:05:32","guid":{"rendered":"https:\/\/news.microsoft.com\/?p=433895"},"modified":"2019-07-31T15:05:32","modified_gmt":"2019-07-31T15:05:32","slug":"diversity-and-cybercrime-solving-puzzles-and-stopping-bad-guys","status":"publish","type":"post","link":"https:\/\/sickgaming.net\/blog\/2019\/07\/31\/diversity-and-cybercrime-solving-puzzles-and-stopping-bad-guys\/","title":{"rendered":"Diversity and cybercrime: Solving puzzles and stopping bad guys"},"content":{"rendered":"<p>After protecting data and thwarting digital wrongdoers for more than two decades, Diana Kelley bristles at suggestions that cybersecurity is a dry or dull career choice.<\/p>\n<p>\u201cI think it is the most interesting part of IT. It can be a fascinating puzzle to solve. It can be like a murder mystery on that show, \u2018Law &amp; Order,\u2019 except that when they find a dead body, we find a network breach,\u201d she says.<\/p>\n<p>\u201cAs we investigate, we go back through all these twists and turns. And, sometimes we discover that the real culprit isn\u2019t the one we had suspected at the beginning.\u201d<\/p>\n<p>As Microsoft\u2019s global Cybersecurity Field Chief Technology Officer, she wants to erase misconceptions that might be stopping people from more walks of life from entering her profession \u2013 which, she argues,&nbsp; needs new ways of thinking and innovating.<\/p>\n<p><a href=\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2019\/08\/diversity-and-cybercrime-solving-puzzles-and-stopping-bad-guys.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-109167\" src=\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2019\/08\/diversity-and-cybercrime-solving-puzzles-and-stopping-bad-guys.png\" alt width=\"2601\" height=\"855\"><\/a><\/p>\n<p>Successful companies know that by building diversity and inclusion within their ranks, they can better understand and serve their many and varied customers. Cybersecurity teams need to read from the same playbook so they can better anticipate and block attacks launched by all kinds of people from all sorts of places.<\/p>\n<p>\u201cCybercriminals come from different backgrounds and geo-locations and have different mindsets,\u201d Kelley says. \u201cThey collaborate and use very diverse attack techniques to come after individuals, companies, and countries. So, it helps us also to have a very diverse set of protection and controls to stop them.\u201d<\/p>\n<p>Knowing how attackers might think and act can be difficult for any cybersecurity team, particularly if it is made up of people from similar backgrounds with similar viewpoints. It is the kind of conformity that can even lead to a sort of \u201cgroupthink,\u201d which results in blind spots and unintended bias.<\/p>\n<p><strong>The power of different viewpoints<\/strong><\/p>\n<p>\u201cIf people think in the same ways again and again, they are going to come up with the same answers. This only stops when different viewpoints are raised, and different questions are heard.\u201d<\/p>\n<p>Kelley says attackers come from, and operate in, many different environments, and cybersecurity teams need to match this diversity as much as they can. However, the make-up of today\u2019s international cybersecurity community remains surprisingly homogenous.<\/p>\n<p>\u201cAbout 90 percent are men and, depending on where you are in the world, they are often white men,\u201d she says. \u201cIn Asia, it tends to be a little worse. Only about nine percent are women.\u201d<\/p>\n<p>The need for change comes amid unprecedented demand for cybersecurity and a chronic shortage of skilled specialists across the world. Kelley sees this an opportunity.<\/p>\n<p>\u201cWe\u2019ve got this big gap in hiring, so why not create a more diverse and inclusive community of people working on the problem?\u201d she said in an interview on her recent visit to Singapore, one of many global cities vying for talent in the sector.<\/p>\n<p>One major concern is gender imbalance. Even though many well-paying jobs are up for grabs, relatively few women are taking up, and staying in, cybersecurity roles.<\/p>\n<p><strong>Fixing the gender imbalance<\/strong><\/p>\n<p>\u201cWhen I got into the field almost 30 years ago, women had very low representation in computer science in general,\u201d Kelley says. \u201cBack then, I just assumed it would change over time. But it hasn\u2019t.\u201d<\/p>\n<p>Studies show that girls often drop out of STEM (science, technology, engineering, and math) subjects in middle or high school. Some women university graduates do enter the profession. But a lot end up leaving \u2013 many for cultural reasons in the workplace.<\/p>\n<p><a href=\"https:\/\/3er1viui9wo30pkxh1v2nh4w-wpengine.netdna-ssl.com\/wp-content\/uploads\/prod\/sites\/43\/2019\/07\/tinkering_quote_block.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-109148 size-large\" src=\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2019\/08\/diversity-and-cybercrime-solving-puzzles-and-stopping-bad-guys-1.png\" alt width=\"1600\" height=\"527\"><\/a><\/p>\n<p>\u201cThere is a high attrition rate. We need to promote the value of studying STEM. And, we also need to work for the people who are in the field now by creating inclusive work environments.\u201d<\/p>\n<p>Kelley joined Microsoft about two years ago. Since then, she has been struck by its strong culture of respecting diverse viewpoints and encouraging inclusion \u2013 things she hasn\u2019t seen stressed in some other companies.<\/p>\n<p>\u201cNot every idea is a great idea. But that doesn\u2019t mean it should be mocked or dismissed. It should be respected as an idea. I have spoken to some women elsewhere who say because they didn\u2019t feel heard or respected, they didn\u2019t want to stay in IT.\u201d<\/p>\n<p><strong>Bringing in all sorts of people<\/strong><\/p>\n<p>Kelley says more can be done to build up diversity and inclusion beyond fixing the gender mix. Again, she is impressed by Microsoft\u2019s efforts. \u201cYes, we need to engage more women. But we also need to bring in all sorts of people from different social and career backgrounds.<\/p>\n<p>\u201cFor instance, our team \u2013 the Cybersecurity Solution Group at Microsoft \u2013 is looking for people who may not have worked in cybersecurity in the past, but have a great interest (in technology) as well as other talents. So we are creating diversity that way too.\u201d<\/p>\n<p>Kelley recounts her own sideways entry into the field. She fell in love with computers and software during her teens when she discovered for herself how vulnerable networks at the time could be.<\/p>\n<p>Later she graduated from university with a very non-techie qualification: a degree in English. Her first few jobs were editorial roles, but being tech-savvy soon meant she became the \u201cgo-to IT guy\u201d in her office.<\/p>\n<p>\u201cFinally someone said to me, \u2018Hey, you know what? IT is your calling, and we are hiring.\u2019 So, what had been a hobby for me then became a career.\u201d<\/p>\n<p>She eventually moved into cybersecurity after an intruder broke into a network she had just built. \u201cI pivoted from being a network and software person to someone very much focused on creating secure and resilient architectures and networks to thwart the bad guys.\u201d<\/p>\n<p><strong>We need diverse thinkers<\/strong><\/p>\n<p>Looking to the future, she wants a broader pool of job seekers to consider careers in cybersecurity, even if they did not like STEM at school.<\/p>\n<p>\u201cWe need diverse thinkers \u2026 people who understand psychology, for example, who can help understand the mindsets behind these attacks. We need great legal minds to help with ethics and privacy. And, political minds who understand lobbying.\u201d<\/p>\n<p>The cybersecurity world needs individuals who are altruistic and have a little more. \u201cWe go into this field because we want to do the right thing and protect people and protect data. That is a critical part. And, it also really helps to have a sort of a \u2018tinkering mindset.&#8217;\u201d<\/p>\n<p>She explains that when cybersecurity professionals create systems, they also have to produce threat models. To do that, they need to think about, \u2018What if I was a bad guy? What if I was trying to take this apart? How could it be taken apart?\u2019 That is the point where they can start to work out how to make their system more attack resistant.<\/p>\n<p><a href=\"https:\/\/3er1viui9wo30pkxh1v2nh4w-wpengine.netdna-ssl.com\/wp-content\/uploads\/prod\/sites\/43\/2019\/07\/Badguy_quote_block.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-109145 size-large\" src=\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2019\/08\/diversity-and-cybercrime-solving-puzzles-and-stopping-bad-guys-2.png\" alt width=\"1600\" height=\"534\"><\/a><\/p>\n<p>Meanwhile, she is eager to debunk a few myths swirling around the subject of cybercrime.<\/p>\n<p>For starters, the days of the smart lone wolf kid in a hoodie hacking for fun from his bedroom are more or less over. Nowadays, only a tiny minority of perpetrators cause digital mischief and embarrassment just for the bragging rights or are \u201chacktivists\u201d who want to advance social or environmental causes.<\/p>\n<p>Ominously, there are sophisticated state-sponsored actors targeting the vulnerabilities of rival powers. Governments around the world are rightly worried about their citizens\u2019 data. But they also fear for the security of vital infrastructure, like power grids and transport systems. Accordingly, military strategists now rate cyber as a field of warfare alongside land, sea, and air.<\/p>\n<p>That said, most of the bad guys are simply in it for the money and do not deserve the glory and headlines they sometimes get.<\/p>\n<p>\u201cThey are not glamorous. Many are in big criminal syndicates that just want to grab our data \u2013 hurting us and hurting our loved ones.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>After protecting data and thwarting digital wrongdoers for more than two decades, Diana Kelley bristles at suggestions that cybersecurity is a dry or dull career choice. \u201cI think it is the most interesting part of IT. It can be a fascinating puzzle to solve. It can be like a murder mystery on that show, \u2018Law [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":97634,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[58,50],"class_list":["post-97633","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-news","tag-diversity","tag-recent-news"],"_links":{"self":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/97633","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/comments?post=97633"}],"version-history":[{"count":0,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/97633\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media\/97634"}],"wp:attachment":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media?parent=97633"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/categories?post=97633"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/tags?post=97633"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}