How does HashiCorp Boundary pair with Cmd's eBPF monitoring solution for Linux?
By: Deepali Arora
When you hear the word “cybersecurity”, it’s likely that an image of geeky guys in hoodies writing code in a basement comes to mind. While this is a stereotype, the gender problem in the security space is unfortunately still a very real problem. Back in 2013, the cybersecurity industry included a mere 11% women. While the proportion of women in cybersecurity has been rising in recent years, today women still make up only 20% of the cybersecurity workforce.
Another important emerging field in technology is that of data science. Just 25% of those working in the data science domain are women. Now, imagine trying to find a female data scientist developing algorithms to detect cyber-crime. Assuming these above percentages as probabilities and following simple probability concept (where 0.20*0.25 = 0.05), we can assume that the female intersection may only include 5% of cybersecurity data scientists.
I am a part of that five percent of women performing data science roles in the cybersecurity domain. In this blog, I’ll share what led me to where I am today: working as the lead data scientist for Cmd, a cloud-first server protection platform.
After moving to Canada, I gained entry into the Master of Applied Science at one of the top Canadian comprehensive universities, where I majored in telecommunications and computer networks. I was happy to learn that it was (and continues to be) a promising research field with huge demand in Canada. As I was set to graduate, the world was facing a technology bubble crash and jobs within my domain were scarce. Having achieved good grades in my master’s program, I decided to remain in school and go for my PhD.
The day I presented my PhD degree seminar, a faculty member approached me. He’d seen my presentation and wanted to learn more about my research work. He was working on a project sponsored by Bell and was looking to hire a postdoctoral fellow to help him and thought I’d be a good fit. During 9/11, many lives were lost because fire personnel were unable to locate people in time in order to get them to safety. This tragedy led to many indoor terminal localization projects (including this one with Bell) receiving funding so that telecommunications engineers could develop new models to help locate people inside buildings quickly. I immediately seized the opportunity.
Between my PhD research and my postdoctoral work, I had developed a complex understanding of statistical modelling. Although I had learned a lot about telecommunication systems, I hadn’t had a chance to explore the world of cybersecurity yet. I wanted to learn more about this topic. I spoke to one of my professors who specialized in cybersecurity to learn about potential opportunities. As luck would have it, he was looking for help on a few different ongoing projects. I had an opportunity to learn more about cybersecurity by working on two cutting-edge projects: one on ad hoc networks sponsored by NSERC and another on botnet detection strategies sponsored by the B.C. government.
By now, I’d spent 10 years in a higher-education environment and was ready to move on. I began hearing about the emerging field of machine learning and discovered that my graduate program had already given me an understanding of many of the core concepts (e.g., optimization, pattern recognition, statistics, probability theory, and artificial intelligence). Committed to exploring this path, I spent my whole summer networking throughout the day and learning new skills at night. By the start of the fall, I got my first ML contract working with Abebooks, an Amazon company, where I’d be building machine learning-based models for inventory classification.
Once I had some experience under my belt, finding contract work in the in-demand field of machine learning was not difficult. As a contractor, I enjoyed the opportunity to develop ML algorithms for a wide variety of companies within the tech sector. But I still had my heart set on finding a way to pivot into the security domain.
Finally, I got introduced to one of the senior executives at Telus security. Upon learning about my educational background, experience in data science, and passion for cybersecurity, I got hired for a 16-month contract building machine learning based models within an IoT framework. At Telus, I built out many algorithms, including:
I loved the work I was doing and enjoyed seeing the impact that it could have on the world as a whole. The asset classification model in particular, which was developed to identify different interconnected devices within an IoT framework, gained significant attention from the greater professional world and is still used by many large companies to this day. My first experiences working in security helped me know that this was the industry where I wanted to end up.
After working for five years on data science contracts across 11 different companies, I had developed a variety of great models and had gained invaluable real-world experience. But by now, I was itching to be a full-time member of a team. Based on my qualifications and experience I was getting interviews, but found the interview process discouraging. While I would frequently make it past the first few rounds of interviews, I’d often get a gut instinct that something was off. The conversations I was having with hiring managers left me worried that, as a woman in a male-dominated industry, my work and contributions would go unnoticed or be under-appreciated. For example, during a final round interview with a startup’s CEO, he implied concern that I might not be able to deliver the same quality of work as the other applicants could, simply because of my gender and my interest in working remotely due to family constraints. I was quite disheartened to hear this, especially after working so hard to build a reputation and experience in this field that I loved. I’d hoped this was a fluke, but I soon realized that it was a pattern echoed in some of those in charge of hiring engineers. In male-dominated fields such as engineering, many organizations are still mostly men hiring other men. But I didn’t give up.
In early 2017, I got an email from one of the co-founders of Cmd. I had applied for a full-time data science role and they wanted to have an interview. The idea of working in data science and machine learning in the cybersecurity industry was so exciting. Soon though, my fear cast a shadow over my excitement. My past interview experiences came back to haunt me. I began wondering if this opportunity was too good to be true. Would an early-stage startup be open to hiring a woman to help build out their core product offering?
As soon as I’d had my first interview, the co-founders put my fears to rest. I learned that, if hired, I’d be one of the first ten employees and would have a large impact on the company’s core product offering. The entire interview process delighted me. The co-founders took the time to explain the whole product from scratch and their vision of the future before asking me for feedback on how I’d improve it. This was something new to me and went a long way to making me feel that they actually valued my knowledge and skills. Hearing more about the product, coupled with the expertise of the co-founders and the early employees they’d hired so far, got me excited. Having used Linux systems myself for over a decade, and being aware of some of the vulnerabilities in these systems, it quickly became clear to me that this team was building something unique and valuable. I saw how machine learning could fit into their vision and improve the product.
A few days after the interview, I got a call offering me the job. In January 2017, I became Cmd’s lead data scientist. It was a dream come true.
I’m now almost two years into my work at Cmd and it’s been everything I’d hoped for and more. At the end of the day, it is my belief that to succeed at any job, a few things must be in place:
At Cmd, I have had the opportunity to play a key role in developing our core product offering. I have also enjoyed the amazing chance to learn from my talented peers. Every member of our team is an expert in their respective domains. My coworkers are all so passionate about their area of focus and are willing to teach and learn from each other. That’s rare to find and I’m so grateful to have it. I know our company is better for it. Above all else, I’m glad I never gave up because it led me to this amazing opportunity.
In this article, I shared the road that got me to Cmd. If you’re interested in learning more about the work I’m doing day to day at Cmd, you’ll be happy to know that I’ll be sharing more articles in the coming weeks. I’ll be writing about how we use machine learning in our Linux-focused cybersecurity platform. More specifically, I’ll shed some light on the technical challenges we face and how we look to machine learning to help us develop solutions. I’ll also discuss some of the constraints in applying common machine learning techniques to the security domain.
Over the course of Deepali’s rich career as a data scientist, she has created machine learning models that affect the operation of many companies around the world today.
Holding a PhD in Electrical and Computer Engineering, Deepali has published over 30 papers in some of the world’s top journals and conference proceedings. Her machine learning breakthroughs have saved companies hundreds of thousands of dollars in resources and continue to impact the lives of millions of users daily. Today she works as the Senior Data Scientist for Cmd, a proactive Linux security company whose software protects the sensitive data of some of the world’s top enterprise organizations.
Ramp up your Linux defense strategies
and see what you've been missing.