NEW: Microsoft Vulnerabilities Report 2022 - Read the Findings of Our Annual Report Read Now

  • Partners
  • Support
  • Careers
  • English
    • Deutsch
    • français
    • español
    • 한국어
    • português
BeyondTrust
  • Products

    Privileged Password Management

    Discover, manage, audit, and monitor privileged accounts and credentials.

    • Password Safe
    • DevOps Secrets Safe
    • Privileged Access Discovery Application

    Endpoint Privilege Management

    Enforce least privilege across Windows, Mac, Linux, and Unix endpoints.

    • Windows and Mac
    • Unix and Linux
    • Active Directory Bridge

    Secure Remote Access

    Centrally manage remote access for service desks, vendors, and operators.

    • Remote Support
    • Privileged Remote Access
    • Privileged Access Discovery Application

    Cloud Security Management

    Automate the management of identities and assets across your multicloud footprint.

    • Cloud Privilege Broker

    BeyondInsight

    Experience the industry’s most innovative, comprehensive platform for privileged access management.

  • Solutions

    Use Cases

    • Cloud Security
    • Compliance
    • Cyber Insurance
    • Digital Transformation
    • Endpoint Security
    • Operational Technology
    • Ransomware
    • Service Desk Efficiency
    • Zero Trust

    Industry Applications

    • Financial Services
    • Government Agencies
    • Healthcare
    • Law Enforcement
    • Manufacturing
    • Schools & Universities

    Solutions

    The BeyondTrust Privileged Access Management portfolio is an integrated solution that provides visibility and control over all privileged accounts and users.

  • Resources

    Learn

    • Blog
    • Customer Stories
    • Competitor Comparisons
    • Datasheets
    • Demos
    • Glossary
    • Podcast
    • Whitepapers

    Attend

    • Events
    • Go Beyond
    • Training
    • Webinars

    Support

    • Changelog
    • Professional Services
    • Technical Documentation

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

  • Company
    • About
    • Leadership
    • Core Values
    • Partners
    • Careers
  • Watch Demo
  • Contact Sales

Celebrating Together: Loving Diversity in Cybersecurity

January 19, 2021

  • Blog
  • Archive

If you think about your career and your life, you probably have some vivid memories of friends and allies—of the times when you worked with others to solve big problems, and the low times when your colleagues helped to lift you up. While writing the previous sentence, I had flashes of building out the security research publication process for IBM with 3 incredible colleagues, responding to a breach with a coordinated team—so in sync, it was as if we were a single organism, and of the wonderful person who saw me speaking about software and offered me my first professional IT job.

But while working together makes us stronger, that doesn’t mean we all have to think alike or agree on everything. One of the powers of collaboration is how diverse views make us stronger. This is especially true in the information/cyber security field where defenders face adversaries from different backgrounds, who are driven by different motivators. Cyber-criminals may focus solely on profit, cyber-terrorists on chaos and destruction, and nation-states on disrupting other nations’ command and control infrastructure.

Battling diverse threats means coming together with diverse and creative thinking. So, in preparation for the next BeyondTrust Women in Security virtual event, we thought it would be nice to dive a little more deeply into the ways diversity can bring us together and make us stronger.

Diversity of thought – flirting with fresh ideas

Agreeing on norms of behavior helps keep society running smoothly. Traffic flows on because there are speed limits, lane markers, and on ramps/off ramps that drivers respect. As drivers, we agree to obey these rules when we get our licenses. But sometimes, as situations and context change, those rules should be revisited and optimized. For example, as car and road safety increased, many states opted to increase their speed limits. Sometimes, efficiency means re-thinking outdated approaches and injecting fresh ideas.

Since humans are creatures of habit, it can be hard for us to break out of old patterns, especially if we’re working with groups that reinforce our ways of thinking. This is why diversity of thought in cybersecurity is so important and one of the reasons that I spend a good deal of time speaking with practitioners who are newer to the field.

Think about the global response to WannaCry—expert cyber teams were responding in a commonly accepted manner, which was to detonate the malware to observe its activity and then reverse engineer the code. But one researcher, Marcus Hutchins, looked through the code and found an unusual domain name. Turned out, that domain was a kill switch. By registering the domain and setting up a server to respond to heartbeats, Hutchins helped stop a large part of the attack. That’s the power of different viewpoints and diverse thinking.

Diversity of talent – opposites attract

What we know and what we’re good at also contribute to the power of collaborative diversity. Hearkening back to the research publication process I mentioned at the beginning, the diverse talents of the other team members is a large part of why implementing the process worked and that diversity carried over into the peer review of research publications. One of my colleagues had deep expertise with disclosure, which meant we were able to optimize the long, lengthy, and complex activity, while also ensuring that we were following all the appropriate disclosure rules (which often varied by geographic region and company).

If you haven’t submitted a research document for review, you may not be familiar with the concept of peer review. The name is quite descriptive, as it refers to the activity of sending research for review by other experts or peers. Diversity of talent drives this kind of review. In cyber, for example, a vulnerability in software may behave differently depending on the underlying firmware or hardware. Software security experts and hardware security experts have different sets of talent, but both matter when reviewing interdependent vulnerabilities. Without diverse reviewer talents, only part of a vulnerability may be understood.

Diversity of palate - a perfect pair(ing)

Even in a technical field like cybersecurity, not everything is technical! Which is why it’s so important to take time to step back and network with others, debrief, and share experiences. With that in mind, next month’s Women in Security virtual event will be exploring how different wines pair with chocolate.

Just as the right peer with a hardware background can make all the difference in understanding the true impact of an interdependent software vulnerability, the right wine (or NAB: non-alcoholic beverage) can transform how a piece of chocolate tastes. I’m really looking forward to the event and to getting to expand my own mindset by meeting new people and reconnecting with old friends in the networking session to follow.

Hope you can join us as we work to celebrate diversity Women in Security!

Photograph of Diana Kelley

Diana Kelley, CTO, Executive Mentor, Research Analyst, Security Keynote Speaker

Diana Kelley’s security career spans over 30 years. She is Co-Founder and CTO of SecurityCurve and donates much of her time to volunteer work in the cybersecurity community, including serving on the ACM Ethics & Plagiarism Committee, as CTO and Board member at Sightline Security, Board member and Inclusion Working Group champion at WiCyS, Cybersecurity Committee Advisor at CompTIA, and RSAC US Program Committee.

Diana produces the #MyCyberWhy series, hosts BrightTALK’s The Security Balancing Act, and is a Principal Consulting Analyst with TechVision Research and a member of The Analyst Syndicate.

She was the Cybersecurity Field CTO for Microsoft, Global Executive Security Advisor at IBM Security, GM at Symantec, VP at Burton Group (now Gartner), and a Manager at KPMG.

She is a sought after keynote speaker, the co-author of the book Cryptographic Libraries for Developers, has been a lecturer at Boston College's Masters program in cybersecurity, the EWF 2020 Executive of the Year, and one of Cybersecurity Ventures 100 Fascinating Females Fighting Cybercrime.

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Microsoft Vulnerabilities Report 2022

Whitepapers

Cybersecurity Insurance Checklist

Whitepapers

Privileged Access Management: PAM Checklist

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support
  • Cloud Privilege Broker

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Podcast
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press
BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2022 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.