Next is Now: Takeaways from Grace Hopper Celebration 2022

From cutting-edge ideas and cyber resilience to the importance of diversity in tech, this year's Grace Hopper Celebration showcased the many different ways in which women and non-binary individuals can impact the industry at every stage of their careers.

Designed to bring the research and career interests of women in computing to the forefront and highlight the contributions of women to the tech world, the Grace Hopper Celebration of Women in Computing (GHC) is the world's largest gathering of women technologists, where women from around the world learn, network, and celebrate their achievements.

Named after computer scientist Grace Hopper, who was a pioneer of computer programming, the conference includes presentations covering many areas like artificial intelligence, data science, computer systems, software engineering, security, privacy, and more, along with one-on-one career sessions and level-up labs. Together with my Salesforce colleague, Dina Nichols, I was super excited to attend this event virtually this year.

A major focus of this year’s event was what organizations can do today to improve their standing in the threat landscape. With higher dependence than ever on digital systems and constant global interconnectivity, now is a golden time for cyber criminals.

In 2021, the average number of cyberattacks and data breaches increased by 15.1% from the previous year. Global cybercrime costs are predicted to reach $10.5 trillion USD by 2025. Cloud-based services are vulnerable to many attack vectors used by eCrime and targeted intrusion adversaries, including cloud vulnerability exploitation, credential theft, cloud service provider abuse, use of cloud services for malware hosting and C2, and the exploitation of misconfigured container images.

As businesses find paths forward with new technologies and solutions, cyber adversaries are adapting too. For example, ransomware has become organized crime, evolving into a commodity, and ransomware-related data leaks increased by 82%. As the threat landscape changes rapidly, how can we keep ahead of adversaries today and build for the future?

The key is cutting-edge technology, talented people, and the right processes, and the best time to invest in them is now. Machine learning and data science are critical techniques in this battle, helping to process, analyze, and connect data at large scale. During this year’s conference, we got to see how a few interesting data science applications in security, along with strategies to build talent pools, can help.

Bot detection using clickstream data and an outlier detection model

Frequently found on social media platforms imitating real human profiles and behavior, bots are common today. So common, in fact, that non-human traffic accounted for more than 40% of total internet traffic in 2022. Not all bots are bad, though. Bots can be good or bad actors depending on their purpose: good bots include self-identified crawler bots that can improve a website's placement in search results, and bad bots include DDoS botnets and account takeover bots that interrupt access to websites and carry out fraud.

Since the start of the pandemic, there has been a significant increase in bot activity, and bot programs have evolved to bypass traditional detection rules. Amy Duda and Varsha S. Kumar from Target presented an interesting use case that detects bots with outlier detection models. This approach is very relevant and applies to many other use cases, such as detecting bulk signups by bots.

In this bot detection use case, the presenters highlighted the importance of data exploration for telling whether a user is a bot or a human when faced with a huge amount of data. They analyzed the behavior patterns of self-identified good bots and of humans using exploratory analysis and found several key features that separate them. For example, many bots visit product pages only and are active at all hours of the day, and reseller bots usually make bulk purchases of high-demand products.

Those findings are critical for building useful features for the anomaly detection model that identifies bots. Data exploration is the initial step in data analysis, but it lays the foundation for the feature design and model development that follow. It takes scientific thinking and iterative experiments, and it is often overlooked, especially with the rise of deep learning. Understanding the data should always be an essential step in data science projects, as it helps both model development and result interpretation.
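As an added illustration (not code from the Target talk or from this post), here is how the three exploratory findings above can be turned into per-user features from a constructed clickstream sample and scored with a simple robust outlier test. The user ids, page types, event rows and the 3.5 modified-z cutoff are all assumptions made for the example.

```python
from collections import defaultdict
from statistics import median

# Constructed clickstream sample: (user_id, hour_of_day, page_type, units_bought).
# u1..u5 browse a mix of pages during a few waking hours; u6 follows the reseller
# bot profile from the talk: product pages only, active all day, bulk purchases.
EVENTS = [
    ("u1", 9, "home", 0), ("u1", 9, "product", 0), ("u1", 10, "cart", 1),
    ("u2", 13, "search", 0), ("u2", 13, "product", 0), ("u2", 14, "product", 0),
    ("u2", 15, "cart", 2),
    ("u3", 18, "home", 0), ("u3", 19, "product", 0), ("u3", 21, "search", 0),
    ("u4", 8, "home", 0), ("u4", 8, "product", 0), ("u4", 12, "product", 0),
    ("u4", 20, "cart", 1),
    ("u5", 11, "search", 0), ("u5", 11, "product", 0), ("u5", 17, "product", 0),
] + [("u6", h, "product", 40 if h % 6 == 0 else 0) for h in range(24)]

FEATURE_NAMES = ("product_page_share", "hours_active_share", "max_units_per_hit")

def user_features(events):
    """Per-user features chosen from the exploratory findings in the talk."""
    hits, product, hours, max_units = (defaultdict(int), defaultdict(int),
                                       defaultdict(set), defaultdict(int))
    for uid, hour, page, units in events:
        hits[uid] += 1
        product[uid] += page == "product"
        hours[uid].add(hour)
        max_units[uid] = max(max_units[uid], units)
    return {u: (product[u] / hits[u], len(hours[u]) / 24, max_units[u]) for u in hits}

def modified_z(values):
    """Iglewicz-Hoaglin modified z-score: median/MAD based, so the outliers we are
    hunting do not drag the baseline the way mean/stddev would."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:  # degenerate spread: any deviation from the median is extreme
        return [0.0 if v == med else float("inf") for v in values]
    return [0.6745 * (v - med) / mad for v in values]

def detect_bots(events, threshold=3.5):
    """Flag users whose score on any feature exceeds the cutoff. One-sided on purpose:
    only unusually *high* values count, since all three features grow with bot-likeness."""
    feats = user_features(events)
    users = sorted(feats)
    scores = {u: 0.0 for u in users}
    for i in range(len(FEATURE_NAMES)):
        for u, z in zip(users, modified_z([feats[u][i] for u in users])):
            scores[u] = max(scores[u], z)
    return {u: round(s, 2) for u, s in scores.items() if s > threshold}
```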

Genetic Algorithm Approach for Enhancing Network Resiliency

A resilient computer network should be resistant to infiltration and attack while providing utility for legitimate users, but this isn’t always easy to achieve. One way of accomplishing the kind of fine-grained control over access policy needed for optimal network resilience is microsegmentation.

Traditional methods of network segmentation often secure traffic in the north-south (outside vs. inside) orientation. Microsegmentation, however, is a granular approach to workload isolation and security that provides greater control over east-west (lateral) traffic inside a network, for example, for limiting lateral movement by adversaries who have breached perimeter defenses.

Karen Johnsgard from MITRE presented a novel approach to optimizing network microsegmentation policy for maximum resilience. The network is represented as multiple subgraphs, with host IP addresses as nodes and their connections as edges. It includes a mission subgraph and an attack subgraph (Figure 1). Edge values in the mission subgraph encode the need to move from one node to another; higher values indicate a lot of traffic and/or more valuable information.

For example, the edge between nodes 1 and 2 in Figure 1 has a mission value of 100, meaning there’s a lot of traffic between them and the information obtained through this connection is highly valuable. In the attack subgraph, edge values are binary (0 or 1), representing whether an attacker can move laterally from one node directly to the other in a single attack step [6]. As shown in the attack subgraph of Figure 1, the edge from node 4 to node 2 has a value of 0, meaning one cannot move directly from node 4 to node 2.

The resilient network policy is then formulated as an optimization problem with two objectives at once: maximizing the length of the shortest attack path and minimizing mission impact. A genetic algorithm is used to solve this optimization problem because of the huge search space and the algorithm's effectiveness at evolving candidate policies over generations. This application provides novel insights for network access policy design to make the network more resilient.

Figure 1: Mission and Attack subgraph in network optimization
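To make the formulation concrete, here is an added example (my own code, not MITRE's or the talk's) that encodes a small constructed network as a mission subgraph and an attack subgraph, scores a candidate microsegmentation policy on both objectives, and searches policies with a plain genetic algorithm. The edge values, the attacker foothold, the crown-jewel host and the weighted-sum fitness are assumptions; the page does not give the talk's exact formulation.

```python
import random
from collections import deque

# Constructed toy network, not the Figure 1 data. MISSION: how much the mission needs
# each connection; ATTACK: 1 if an attacker on the source host can move laterally to
# the target host in one step, 0 if not (directed, as in the talk's formulation).
MISSION = {(1, 2): 100, (2, 3): 40, (3, 4): 10, (4, 5): 30, (1, 5): 5, (5, 3): 20}
ATTACK = {(5, 4): 1, (4, 3): 1, (3, 2): 1, (5, 3): 1, (4, 2): 0, (2, 1): 1, (3, 1): 1}
ENTRY, CROWN_JEWEL = 5, 1           # assumed attacker foothold and the host to protect
EDGES = sorted(set(MISSION) | {e for e, v in ATTACK.items() if v})  # candidate rules
UNREACHABLE = len(EDGES) + 1        # path length awarded when no attack path remains

def shortest_attack_path(blocked):
    """Hop count of the shortest attack path under a policy (BFS on open edges)."""
    dist, queue = {ENTRY: 0}, deque([ENTRY])
    while queue:
        u = queue.popleft()
        if u == CROWN_JEWEL:
            return dist[u]
        for (a, b), reachable in ATTACK.items():
            if a == u and reachable and (a, b) not in blocked and b not in dist:
                dist[b] = dist[u] + 1
                queue.append(b)
    return UNREACHABLE

def mission_impact(blocked):
    """Mission value lost: the values of blocked edges that legitimate traffic needs."""
    return sum(MISSION.get(e, 0) for e in blocked)

def fitness(genome, weight=50):
    """Weighted sum of the two objectives (my simplification): path length up, impact down."""
    blocked = {e for e, bit in zip(EDGES, genome) if bit}
    return weight * shortest_attack_path(blocked) - mission_impact(blocked)

def evolve(pop_size=30, generations=60, seed=1):
    """Plain genetic algorithm: genome bit i = 1 means 'block EDGES[i]'."""
    rng = random.Random(seed)
    pop = [[rng.randint(0, 1) for _ in EDGES] for _ in range(pop_size)]
    for _ in range(generations):
        pop.sort(key=fitness, reverse=True)
        nxt = pop[: pop_size // 5]                      # elitism: keep the best fifth
        while len(nxt) < pop_size:
            p, q = rng.sample(pop[: pop_size // 2], 2)  # parents from the better half
            cut = rng.randrange(1, len(EDGES))
            child = p[:cut] + q[cut:]                   # one-point crossover
            if rng.random() < 0.5:                      # single-bit mutation
                child[rng.randrange(len(EDGES))] ^= 1
            nxt.append(child)
        pop = nxt
    best = max(pop, key=fitness)
    return {e for e, bit in zip(EDGES, best) if bit}
```

With these values the search should settle on a policy that cuts every attack path into node 1 using only edges the mission does not need, such as blocking (3, 1) together with (3, 2).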

Federated Learning: Balancing the Thin Line Between Data Intelligence and Privacy

It’s not news that data privacy is an important issue. Many regions, including the European Union, Canada, India, and California also have data privacy and security laws and regulations that govern the proper handling of sensitive, personal, and confidential data. Violation can cost millions in fines and settlement. While these regulations put more restrictions around customer data, they can also pose challenges to machine learning models that rely on data to learn and derive insights. 

Sherin Mathews from U.S. Bank gave a high-level introduction of federated learning (also known as collaborative learning), a trending option to handle just this challenge.

Federated learning (FL) is a machine learning technique that trains an algorithm across multiple decentralized edge devices or servers holding local data samples, without exchanging them (Figure 2). It has been used in many fields like self-driving cars, digital health, and virtual assistants to provide real-time predictions from machine learning models without sharing customer data.

It can be categorized into cross-device and cross-silo FL based on scale. In cross-device FL, clients are small distributed entities (e.g., smartphones, wearables, and edge devices) and each client has a relatively small amount of local data, so it usually requires a large number of edge devices to train. In cross-silo FL, by comparison, clients are typically companies or organizations with large computational capacity, and only a few clients participate in the training. Federated learning allows for smarter models, lower latency, and less power consumption, while ensuring privacy remains intact.

Figure 2: Federated learning general process in central orchestrator setup
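As an added example (not from the talk or this post), the following simulates the central-orchestrator process of Figure 2 in the cross-silo setting: two clients train a linear model on data that stays inside their own function, and the server only ever sees and averages model parameters (FedAvg). The client names, the noise-free datasets and the learning rate are constructed assumptions.

```python
# Constructed, noise-free local datasets: two "silo" clients that each hold their own
# samples of the same relation y = 2x + 1. Raw rows never leave the client function.
CLIENTS = {
    "bank_branch_a": [(float(x), 2.0 * x + 1.0) for x in range(8)],
    "bank_branch_b": [(x / 2.0, x + 1.0) for x in range(16)],   # y = 2*(x/2) + 1
}

def local_train(model, data, epochs=5, lr=0.02):
    """Client side: a few SGD epochs on a linear model using only local rows.
    Returns the updated (w, b); the data itself is never sent."""
    w, b = model
    for _ in range(epochs):
        for x, y in data:
            err = (w * x + b) - y
            w -= lr * err * x
            b -= lr * err
    return w, b

def fed_avg(updates):
    """Server side (the central orchestrator in Figure 2): FedAvg, i.e. the mean of
    the client models weighted by how many local samples each one trained on."""
    total = sum(n for _, n in updates)
    w = sum(m[0] * n for m, n in updates) / total
    b = sum(m[1] * n for m, n in updates) / total
    return w, b

def federated_training(rounds=40, clients=CLIENTS):
    """One FL round: broadcast the global model, clients train locally, server averages."""
    model = (0.0, 0.0)
    for _ in range(rounds):
        updates = [(local_train(model, rows), len(rows)) for rows in clients.values()]
        model = fed_avg(updates)
    return model

def predict(model, x):
    """Inference with the global model; no client data is needed at this point."""
    return model[0] * x + model[1]
```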

Diversity Leads the Way for Innovation

While taking part in the Grace Hopper Celebration, Salesforce also participated in multiple recruiting activities. Specifically, notes Dina Nichols, Director, Systems Engineering, our Security organization held virtual 1:1 sessions with a number of attendees. “This was a great way to inform women and non-binary individuals about Salesforce Customer 360, our company values, and what it means to be an employee with our company!

“There was a lot of interest from attendees,” observed Dina, “which opens doors for us to bring on skilled individuals, especially as we continue to focus on equality as a core value of our company. As we continue to drive our digital business, we must seek the right people for our roles and having a diverse workforce leads the way for innovative solutions. Diversity is good business because we can connect our products with the populations we serve and do it well. It was really a delight to meet such talented people and get an understanding of the varied skills that could potentially help our organization.”

“During the conference, we participated in multiple speaking sessions,” said Dina. “A session that stood out and seemed very helpful was, In Their Own Words: Female Technologists on How Women Make it to the Top in Tech, by Neveen Awad, Managing Director & Partner, DigitalBCG. The session reviewed many studies and pointed out how, in organizations where there are 30% female leaders, those organizations have a 15% increase in profitability. The studies presented also found that the leadership gap has less to do with women’s willingness to take on higher-level roles and more to do with the timing of a promotion. When women take on their first or second promotion, they are usually stretching themselves. Below are a few examples of how we can bridge the gap:  

  • Women can go into a new role without knowing everything and it is okay. Take that role on and stretch yourself by learning quickly, prioritizing well, determining your gaps, and pivoting where needed.
  • Surround yourself with an encouraging support system. Small changes make a world of difference and when women are encouraged in their career, they are more likely to succeed. Know that there will always be some discomfort as you are growing your career. Lean on others. 
  • Mentorship is important; continue leaning on mentors to help you along the way. Do stay connected.
  • Repeatedly show technical proficiency. Men may be more likely to be vocal about their technical accomplishments. Studies found that women tended to be tested more early in the boom and once they overcame that, they were then allowed to be vocal about their strategy and ideas. Always communicate your accomplishments and determine who should have insight into your achievements.
  • There is a diversity of paths women can pave for themselves and organizations can help by recognizing and rewarding these unique paths to grow female leaders.  

Overall, the many sessions and participants at the Grace Hopper Celebration really showcased the many different ways in which women and non-binary individuals can impact the industry at every stage of their careers. We will continue to be inspired by the many connections we made during this year’s conference, and we are excited for the future of cybersecurity in their hands!

Dina Nichols, Director, Systems Engineering, Defensive Security Networking, is an experienced cybersecurity professional and noteworthy leader driven by empowering others to bring their best solutions forward. She takes pride in leading her teams with enthusiasm, shaping strategy, and improving business processes. Her professional experience includes work in behavioral sciences, IT operations, risk management, process/lifecycle management, product management, and leadership. In addition to her primary job functions, Dina has executed multiple global enterprise projects, providing a unique perspective into the opportunities that organizations face in building and evolving cybersecurity programs.
