Original Link :
Anuja Sonalker, Ph.D is Vice President of Engineering & Operations, North America for TowerSec where she leads engineering, operations and market facing R&D for the North American market.
Dr. Anuja Sonalker is an expert in cyber security for embedded and distributed networked systems. She brings together a broad set of technical skills, demonstrated leadership and experience from working with government, academia and with industry leaders. She has lead various efforts in the past 16+ years in automotive cyber security, intrusion detection, internet infrastructure security, wireless systems security, sensor networks, security protocol design and cryptography.
Prior to TowerSec, Anuja led innovation in automotive cyber security at Battelle, and systems security at IBM TJ Watson, and Fujitsu Labs.
In her spare time, Anuja mentors high school kids towards STEM disciplines and women through the Scholarships for Women Studying Information Systems (SWSIS).
1. Why did you choose to study the computer engineering and network security field? How did you end up in such an offbeat, unconventional and uncommon career?
I was always fascinated with electronics from childhood. My father was an engineer and we would do many household robotic and science projects all the time. I wanted to be a scientist when I grew up. If I didn’t make it, I wanted to be a detective and solve crime. Then, I also belong to the generation that saw computers as commodities as a child. When we bought our first home computer – a 286, it opened up a whole new world for me. I knew right then, that this is what I wanted to do when I grow up – use a computer, because that’s what scientists did! I didn’t know at the time that no matter what field you are in, everyone would be using a computer in some way shape or form in the future world. Formally, I was introduced to network security only in college, and that too because of hearing about the first malware for a computer. It was a natural extension to what I was learning and doing, and was a cross between a scientist and a detective. Solving cyber crime! What better field could there be?
2. What do you love about engineering and network security?
I love the fact that you can tinker with things in your own way. There isn’t just one right way of doing things in engineering. It’s en-gin-eering! With network security there is a sense of defending and protecting that I love the most. There is a sense of responsibility and a sense of building responsible technologies. Then there is the constant need to stay two steps ahead of the bad guys.
3. How did you first get involved with cybersecurity? Share a project or inspiration with us please that prompted your involvement…
I first got involved in cyber security in college. There was a multimillion-dollar grant that a new group of professors had won and they were looking for students to join them. I interviewed and got a spot on the project. It was about creating a joint space in the internet where people could share resources, computing power, storage, save their stuff in a secure manner (Little did I know that this was the ancestor of the modern day cloud)
4. Can you explain a little about how the tools and techniques used and work done in cybersecurity has changed during the course of your career thus far?
Cyber security has come a long way. In the beginning there were rudimentary tools, and frankly limited capabilities to cyber damage. It was the days of C and object oriented programming was being introduced. Then came java and other internet programming technologies. As internet technologies advanced, people started focusing on security of network protocols and internet security. As the cat and mouse game with hackers began, we started going lower and lower in the stack to thwart off malicious hackers. If they would try to attack at the network (IP level) we would be defending and monitoring at the data link layer (Ethernet) and so on. With the advancement in silicon technologies, hardware suddenly pivoted and computing started moving to smaller devices. Computers no longer meant being on your desk or laptop, but were now your phones, your tablets, TVs, toasters and cars. This changed the network security game tremendously. Embedded systems security has now emerged as the single biggest, most pervasive challenge this century. And we still haven’t figured it out completely.
5. Is there a particular application or industry that you think could benefit the most from developments in cybersecurity in the future? Does it impact every field?
It absolutely impacts every field, simply because computers and electronics are used in every field today. Robots and telematics is used in surgeries and medicine, electronics are used in telecommunications, we have smart electronics like nest and smart TVs and refrigerators in our homes, industrial automation is based on computers and IP enabled electronic controllers, fitness devices and personal electronics are ever so common, banking and financial industry relies heavily on computers and electronic networks, e-commerce (all the online shopping we do) relies on electronic banking. Even our cars today have more electronics than a typical computer. Needless to say, imagine subverting any of these systems above and you can easily realize what havoc it can cause in our daily lives. Even though we don’t see it, we depend heavily on cyber security to be able to use all these services and systems reliably.
6. What are the current challenges in the field of cybersecurity? What’s the biggest obstacle at the moment?
The current challenges in cyber security come from embedded computing devices, in my opinion. In the past few years, we have progressively started moving from traditional desktops and laptops to smaller hand held or more pervasive devices for our computational needs. Smart phones of today can do everything a typical laptop can do. Most devices in our homes are capable of doing a lot of data processing, intelligence and are connected to the Internet. This shifts the focus from securing certain end points on a traditional enterprise network (corporate organizational network) to now trying to secure every end point on every commercial network all the time. And these devices can connect to different networks as they move around so a compromised device can be a new entry point to another otherwise unaffected network. The problem is huge.
7. Whom do you admire and why?
Personally, I admire my parents because of all the support and encouragement they gave us to each follow our dreams. They made sacrifices so we didn’t have to. Professionally, I admire Dr. Abdul Kalam, the 11th president of India who was a scientist turned politician. He spent his life dedicated to the advancement of science, and then to take science to every child and youth in the country. Outside of my work, I would love to do the same someday.
8. What do your think the future holds for cybersecurity applications?
Cyber security applications will become a part of everything we do in our lives. In this ultra digitized world, there cannot be an application of technology that does not need cyber protection. It is not a luxury any more, but a cost of doing business, a cost of owning technology and a cost of using tech features. Cyber terrorism, cyber espionage, and cyber criminal activity is at an all time high, and will only get worse. I believe that in a few years, cyber security will need to be cross-disciplined with other disciplines in order for those disciplines to survive. For example, automotive engineering. Today, automotive engineers must understand cyber security in order to build secure cyber robust cars.
9. What’s the most important thing you’ve learned through your work in cybersecurity? Are there still challenges that surprise you?
The most important thing I’ve learned is that there is no such thing as 100% cyber secure (unless it’s a brick or its dead). It’s always a game of making it hard for the adversary to the point where it’s infeasible for the adversary to try to penetrate a system. Then, I’ve also learnt that infeasibility exists for a short time. There are technological shifts (hardware gets cheaper over time, some one always comes up with an open source version of some software) and then the attack becomes feasible and worthwhile for the adversary again. Then you have to up the challenge again. It’s a live game. And it never ends. You have to try to stay two steps ahead of the adversary.
Surprises? Yes, every now and then it surprises me to learn how someone accidently stumbled upon a new way of getting into someone’s system. That’s a scientist in the making, in my opinion. They’ve just discovered a way to do something that no one else thought about. And it just happens to be a security flaw, so it caught my attention. I would love to groom such a person into a scientist and use their knack for the betterment of society.
10. What advice would you give to recent graduates interested in working in cybersecurity? Are there degrees that make the most sense…activities that would help?
I would say, cyber security is a mindset. First of all, you have to think like an attacker, and then think like a defender. How can you better create a system that you just broke into? If you are good at this type of thinking, you are naturally inclined to build cyber secure systems. You may be interested in traditional computers, or computer networks, or embedded devices, or cryptographic techniques for protection, it all requires the same mindset. The best advice would be to find a mentor, someone in the field who is willing to guide you to gain skills relevant to today. Also, keep up with cyber security news as much as you can. Most reporters today have discovered that cyber security news sells and there is a lot of coverage of anything cyber security. Reading up on recent events will show you where the state-of-the-art needs to move and you will be ahead of the pack. There are 200,000 vacancies today in cyber security. These are jobs that cannot be filled because we cannot find the talent. There could not be a better time to enter this field. When I graduated in cyber security, it was the norm that 80% of graduates went into academia because only 20% could find jobs. Today there is a scarcity.
11. If you weren’t focused on the field of cybersecurity, what would you be doing?
If I weren’t focused on cyber security, I would be mentoring students in STEM, and/or raising more awareness about cyber security in the world. The general population needs to know more about how cyber security impacts their daily lives and how to follow good cyber hygiene.