In-brief: In an interview with Security Ledger Editor in Chief Paul Roberts, Chenxi Wang of the firm Twist Lock talks about information security’s “Mr. Robot” problem and the need for standards for the Internet of Things.
Security Ledger had the honor of working with The RSA Conference to record a number of the information security industry’s smartest and most thoughtful executives and subject matter experts. Among them: Chenxi Wang, the Chief Strategy Officer at the firm Twistlock.
Chenxi is a Ph.D in computer science who has also worked as an industry analyst at Forrester and an executive at Intel Security and CipherCloud. She’s passionately committed to increasing the presence of women in the information technology and information security fields, serving as a Board Member on the Cyber Diversity Foundation and acting as the Program co-Chair for the Grace Hopper Conference, the world’s largest gathering of women technologists.
In our conversation, Chenxi talks about the challenges that women face in technical fields, including academia, where their work is often not recognized or valued. She also talks about cyber security’s image problem. Wang says that shows like Mr. Robot promotes an image of hackers as young, hoodie clad, anti-social and male. That is the exact opposite of what young, highly educated women are likely to be drawn to.
“Whenever you think about security you think of a guy in a hoodie in a dimly lit space, hacking a remote computer,” Wang said on RSA Conference TV. “Mr. Robot really personifies that, but if you talk to high school girls, I’m not sure how many of them would consider that an attractive field,” she said. “We need to change the rhetoric and how we talk about our work.”
Want to attract women to the field? Talk about the pro-social aspects of computer security, not the anti social ones. (Wang uses the example of a researcher applying fraud detection algorithms to help the World Bank spot development aid fraud.)
Chenxi also talks about the challenge of securing the Internet of Things, where securing the connections between the cloud and billions of devices presents major challenges. Given the prevalence of low-value endpoints of unknown provenance, trust is going to be difficult to come by.
One solution: “minimal viable standards” for IoT endpoints,” she says. That might include the ability to do updates. Devices
How do we control that? With regulations? Supply chain? Commerce? All that has to come in place, but first we need to agree on a set of minimal viable standards,” she said.
Precedent exists. “The auto industry has done it…after a certain number of deaths,” Wang notes. “We need to do something before that happens.”
Check out our conversation below.