Home » Security Leadership » Career/Staffing

Women of Influence 2005

The Executive Women's Forum awards program celebrating female infosecurity achievement recognizes a quartet of pioneers.

Influencing the Security Future: Through ELI, Lutz is focused on security for the underserved and underenlightened home market. "The area that needs a tremendous amount of education and influence is definitely the consumer market. It goes back to having the passion and believing in it. It's going to take a lot of influence to get a consumer to understand that they need all these security features, when our [security] market is confusing the heck out of them."

Technology for the home has "got to be customer friendly, it's got to be plug-and-play, it's got to be all-in-one, it's got to be nonintrusive, and it's got to [require] no user intervention whatsoever. And it has to be a managed service, because a consumer doesn't understand the difference between a hacker, a virus or a worm, or a spyware attack or a phishing attack.

They don't know the difference. They go buy a new PC, and in 15 seconds they're violated."

Sarah Gordon - Private Solutions Provider
Senior Researcher, Symantec Security

Sarah Gordon

Exercising Influence: "I've tried to influence people to integrate science into their work. With antivirus testing, it used to be simply running scanners against collections of viruses when external tests were run by magazines. Sometimes [they'd] use files that they'd gotten from the Internet. Or they'd use files that people had given them. Sometimes they were corrupted filesâ¬utilities, maybe even text files. [Around that time] a researcher named Joe Wells had started something called the WildList, [consisting of] viruses in the wild. I got together with Joe and expanded that concept into something called the WildList Organization and built this information-sharing network. Now all of the vendors share their [virus] samples worldwide. But I also created something called the WildCore, a set of all the replicated viruses from the different vendors. [These are] available for redistribution to qualified testers. So [security or IT] magazines were then able to contact these testers who actually had the real viruses to run tests on detection. That made a huge difference, because now users could look at valid tests, scientific tests, based on published methodologies."

Influencing the Security Future: "When I became involved [in security research], all approaches to the problem were technical. The trouble with that is that the problem is not solely technical. It's also behavioral. There's a lot of focus in the work I've done on profiling and analyzing the behavior of bad guys. I think this helps because if we understand the people who do this, we can understand what sorts of technical, legal and social remedies might be useful in solving the problem. The most important thing I'm doing lately involves influencing young people to take active roles as â¬Ügood guys.' So I've been lecturing at universities, high schools, middle schools. At Symantec we've worked with developing curricula that incorporates a multidisciplinary approach that mixes legal, technical, educational and social aspects. Technology is very important, but the problem is not just technical; it has many facets."