Bug report: The female hackers keeping your work from home systems safe

Vandana Verma hacks to make things safer, flagging

system vulnerabilities

that black-hat hackers are always looking to exploit. With a large part of the country’s organised workforce logging in from home, her work, especially understanding how the cybercriminals devise attacks, has assumed more importance and urgency.


Vandana is a

security architect

, GSI Labs,

IBM India

Software Labs, and a member of an inspired community of female ethical hackers and

cybersecurity researchers

, who, like women in most industries, are challenging stereotypes. “When I started out, cybersecurity was not seen as a career option, especially for women. When I told my mother I work as an information security professional, for a moment, she thought I was a security guard,” says Vandana.

(Vandana Verma is a security architect, GSI Labs, IBM India Software Labs)

Globally, there is growing awareness that women’s contributions and achievements in STEM, short for science, technology, engineering and mathematics, have been overlooked. Nearly 200 years ago, the first person to be what we now technically call a coder was a woman — English mathematician Ada Lovelace. The second Tuesday of every October is observed as Ada Lovelace Day.

Vandana began her career 14 years ago, developing skills to understand sophisticated attack vectors and building defences. “The job requires you to find vulnerabilities within the system and execute exploits before a malicious actor can find them,” she says. Vandana followed the 2017 breach at Equifax, a consumer credit reporting agency. Data of 148 million customers was exposed through a web server vulnerability. Soon after the breach, she spotted a similar flaw on the Apache server that cybercrooks could have used to trigger remote code execution attack and take control. “I tested for weak links in my lab, and then prepared a proof-of-concept to secure systems using a virtualisation software and virtual machines on top of it,” she says.

Vandana is part of a number of platforms that focus on cybersecurity: IBM WISE (Women in Security Excellence), OWASP (Open Web Application Security Project), where she is on the global board of directors,

InfosecGirls

, WoSec (Women of Security), and Null. The recognition didn’t come easily. “I had to prove myself at every step,” she says. “But there is a cultural shift and many misconceptions have been broken. We need more role models.”

Her favourite female hacker is Katie Moussouris, the pink-haired founder of Luta Security. Katie is a bug bounty hunter and vulnerability disclosure expert whom Vandana met at the Blackhat event in the US about two years ago.

Divya John, white-hat hacker at Flipkart)
Divya John, a white-hat hacker at Flipkart, says maintaining security guardrails around emerging products and features is challenging. “Not every aspect of security can be covered by automation and tooling. Some level of human intervention and analysis is required for every design and architecture. Innovating and executing customised designs on a large scale is challenging. But this is what motivates me to push the limits,” she says. She describes ethical hackers as detectives. “My job is to protect customers and Flipkart assets against hacks and privacy breaches. The key is to integrate security gates in every phase of the product life cycle,” she says.

Anjana Sathyan, a security analyst with digital riskmonitoring platform Cloudsek, says the threat landscape has become dangerous with the evolution of the Dark Web, where operators thrive using stolen identities, products, and services. She participates in capture-the-flag security competitions and closely follows how smartphones are attacked. Flaws in facial recognition software are a new focal point.

Anjana Sathyan, security analyst at Cloudsek)
“In some instances, facial recognition was deceived with infrared light; even the most efficient algorithms are tricked,” she says. With artificial intelligence becoming mainstream, attackers are trying to inject bad data to alter the system’s accuracy. They can even teach AI models to behave differently.

Arunima Saha, an ethical hacker at Robert Bosch Engineering and Business Solutions, looks for security gaps in embedded systems of automobiles. With growing interest in electric vehicles, charging stations are vulnerable to cyberattacks. “It’s like asking money in exchange for energy,” she says. Charging stations generate vehicle data, such as location, and hackers can misuse it.

(Arunima Saha, ethical hacker at Robert Bosch Engineering and Business Solutions)
Though women are not adequately represented in STEM, things are changing. Divya says the percentage of women in India’s IT sector has increased over the past decade, so has the percentage of women in cybersecurity. “There is more awareness about cybersecurity, and it now figures in the curriculum of engineering institutions; this wasn’t the case when I was studying. This is a huge step-up,” she says. “These factors will enable greater balance in gender ratio of cybersecurity professionals.”

So, what’s the advice for women entering the field? “Be heard, be seen, and network all you can,” says Vandana.

Stay updated with the latest news on Times of India. Don't miss daily games like Crossword, Sudoku, and Mini Crossword.