7 Women Leading the Charge in Cybersecurity Research & Analysis
From rising stars to veterans heading up research teams, check out our profiles of women making a big impact in cyber defense as the threat landscape expands.
March 27, 2023
While cybersecurity does suffer from a gender gap by the numbers, there are many notable women out in the field kicking butt and taking names.
Women are increasingly playing a huge role in many cybersecurity organizations — from entry-level analysts all the way up to CISOs and risk executives. In honor of Women's History Month, Dark Reading takes a look at seven women who are on the front lines of security research and analysis.
Some of them are rising stars, others are veterans heading up research teams and penning reports that will influence the future of cybersecurity strategies and defensive techniques. All of them are worth following for their insights.
Read on for profiles of:
A veteran and consistent producer of vulnerability research for Google Project Zero, Natalie Silvanovich has been digging up software flaws for the better part of two decades.
Her work has been influential in driving software design improvements, bug fixes, and deprecation of products in a range of software and application ecosystems like Adobe Flash, WebAssembly and WebRTC, and Apple iMessage. She's a frequent flier on the podium at Black Hat and she now sits on the Black Hat Review Board.
Silvanovich leads the North American team for Project Zero and, at the moment, is personally focused on messaging applications and video conferencing applications and platforms.
Her roots in mobile platform research will always remain — this month she and her colleagues found 18 vulnerabilities in a number of Samsung Exynos chipsets. A hacker and reverse engineer at heart, Silvanovich is also an avowed Tamagotchi hacker in her free time.
An in-the-trenches security researcher for Checkmarx, Tal Folkman brings some serious hacker creds to the table. Before she took her spot as a researcher in Checkmarx's Supply Chain Security group, she worked for nearly five years in an elite unit of the Israel Defense Forces (IDF) as both a researcher and red team leader.
Now, she's digging into a range of software supply chain attacks, including malicious npm attacks and the use of social media and other platforms to scale supply chain attacks.
In November, she was noted as a co-author of a report that showed how attackers were luring TikTok users with a salacious piece of fake software that claimed to remove TikTok filters from nude videos. The goal was to get victims to deploy stealer malware hidden in malicious Python packages.
And just last month she "uncovered an army of (PyPi) fake user accounts" that were powering large-scale attacks against the Python ecosystem.
An experienced threat researcher with long stints at both Kaspersky and Cylance, Marta Janus has the full arsenal of skills for tracking adversaries and dissecting code.
She's got years of experience in reverse-engineering software and firmware, in threat hunting, and in uncovering obfuscation and anti-reversing techniques. Now she's setting her sights on the emerging field of adversarial machine learning and adversarial AI research for startup HiddenLayer.
She's part of the company's Synaptic Adversarial Intelligence (SAI) team, which has helped drive the company's direction in developing a platform to detect attacks against ML systems. It's a bleeding-edge field of research, and the platform was recently named as a finalist for the Innovation Sandbox awards at the RSA Conference next month.
On the publicly released research front, Janus hit the ground running after joining the team last year. In December, she and her teammates put out a proof-of-concept (POC) report about how a threat actor could use PyTorch ML models to infiltrate enterprise networks.
While Yesenia Yser is a security engineer and coder at heart, she's at the spear tip of systematic research into open source software vulnerabilities and the hunt to prioritize the most impactful flaws in the open source community.
In November, she joined the Open Security Foundation's (OpenSSF) Alpha-Omega Project as a senior software security engineer. Her role will be in refining and bolstering the project's Omega Analysis Toolchain. This toolchain is the automation workhorse of the project's effort to identify critical security vulnerabilities across a range of 10,000 widely deployed open source projects.
Yser will be working directly on improving the Omega toolchain and the triage portal to help engineer improvements in how projects and vulnerability impacts are analyzed and prioritized for mitigation. Essentially, she's building the engine for how Alpha-Omega scales up its open source bug research and remediation efforts.
She also brings a deep level of expertise in security engineering and DevSecOps development to the table — prior to this position she was a principal product security engineer and supply chain ops tech lead for Red Hat.
A rising thinker in the realm of big-picture cybersecurity research, Zoë Brammer is a senior analyst for the Institute for Security and Technology (IST).
With an educational background in international relations and economics, including studies at the London School of Economics, Brammer tackles a range of topics that tend to focus on where cybersecurity practices and the cyber threat landscape intersect with government and economic machinery.
This includes work digging into the interplay between digital systems and democracy, analysis of national cybersecurity strategy, and other dives into cryptocurrency and ransomware. Her most recent report for IST's Ransomware Task Force last year visually mapped out the ransomware payment ecosystem, providing another resource for counter-ransomware efforts to find better ways to disrupt the ransomware economy.
Maya Horowitz brings a deep understanding of threat research and human psychology (she's got a master's degree in psychology) to her job as vice president of research for Check Point Software.
Horowitz climbed the threat intel and research ranks at Check Point for nine years, after almost another decade spent as the head of intelligence department for Israel Defense Forces. She notes that her background in psychology is a big plus when tackling attack behavior.
She oversees hundreds of researchers for Check Point Research (CPR), which powers the company's threat intelligence and platform offerings — along with providing copious amounts of public research for the broader cybersecurity community. Under Horowitz's direction, CPR publishes weekly intelligence reports publicly, monthly podcasts, and a healthy calendar of blog posts and special publications.
Most recently, her team has been tracking the way cybercriminals have been using ChatGPT to develop their attack flows.
Like many excellent cybersecurity researchers, Charlotte Siska came to the field sideways through a different scientific specialty. She got her PhD using machine learning (ML) to investigate molecular interactions in genomic data, and she has leveraged ML and data science expertise to find and simulate adversarial artificial intelligence attacks.
She's part of a growing group of AI red teamers at Microsoft who are helping set the tone for the industry in how to identify the most impactful risks to AI models and deployments.
Under team lead Ram Shankar Siva Kumar, she and the rest of the team are building a lot of momentum for their groundbreaking work. Earlier this month, Microsoft published some research and tooling recommendations based on their early efforts.
And at the RSA Conference, she and colleague Raja Sekhar Rao Dheekonda will put on a hands-on tutorial for red teaming AI systems using open source tools.