Despite new intrusion methods and the spread of attacks, for Soledad Antelada, what’s really changed in cybersecurity is people’s awareness and how the media treats the topic. A Systems Engineer in the cybersecurity department at the Lawrence Berkeley National Laboratory and an expert in the sector, she believes that cybersecurity has evolved from a small underground movement into a global phenomenon that has entered the collective consciousness.
Soledad Antelada, one of the most influential Hispanic women in the technology world, has a key task: guaranteeing the security of a system in which thousands of people work. The Berkeley Lab is a prestigious scientific research center which has produced 12 Nobel Prize winners. It is a United States national laboratory managed by the University of California. The department of cybersecurity is in charge of protecting the laboratory and the entire network of institutions dependent on the US Department of Energy. An expert in cybersecurity, she tells us what the keys are to protecting these kinds of institutions.
Pentesting to stay ahead of cybercriminals
Soledad works as an external agent: that is to say, she plays the part of an attacker, penetrating a network to get into a system and jumping from one network to another. “I always act as an intruder”, she adds. To do this, she uses scanning and exploit tools or develops her own. Among her favorites are Python, SSH Brute Force, Nessus for scanning systems, and Burp and Netsparker for scanning web applications. To exploit, she uses “a lot of manual scanning or Metasploit and SQL injection”.
Antelada stresses the importance of penetration testing at Berkeley Lab: “This type of tool is a priority for us. We want to find out about vulnerabilities first and take care of them, before attackers discover them”. She also says that at the Department of Energy, cybersecurity audits are performed to evaluate the security of the lab. According to Soledad, “during the audit period, they evaluate the general vulnerability of the lab. If they don’t find anything, then we are doing our job”.
“Patience is the best virtue in pentesting”, she adds. “It takes a lot of trial and error to discover on your shift what the bad guys are trying to do 24/7. And then have to fix it to boot.”
Tips for security professionals in a connected world
Soledad thinks the sector has to “invest more in highly qualified people than in teams”. By supporting experts and strengthening cybersecurity departments, both companies and public institutions can stay ahead of the curve and don’t have to wait for an attack to defend themselves. Antelada adds that, in the US, greater importance is given to the sector. “Regardless of the government in power, cybersecurity is a priority for the entire country.”
For Soledad, employee education is also a priority. According to her, this will become more important as the Internet of Things grows. She explains the case at Berkeley Lab: “There we’ve got all kinds of instruments connected to the network, such as lasers and microscopes, which are also attack vectors.” If the security of these devices is compromised, “the scientists that use this equipment need to be contacted and shown how to fix the vulnerability.” It’s not just about fixing the problem, but educating users about the vulnerability, how they found it, and how to fix it. This, says Soledad, “helps users adopt the right mindset regarding cybersecurity and from then on they can be on the lookout for suspicious behavior.”
Also, to protect institutions, cooperation between the different areas of an organization is fundamental. “There should be real support between employees of the departments. Among those in charge of storing and managing data, system managers, software developers, etc., all should be connected with the cybersecurity department because they cannot work on their own, they depend on the administrators to protect them.”
Women in the cybersecurity sector
At Girls Can Hack, Soledad tries to get women interested in technology to encourage them to get involved in what has traditionally been a masculine sector. “I’m the first and only woman at the Berkeley Lab cybersecurity department,” says Antelada, “and even though the number of women at companies is still very low, I’ve seen a change and women are now beginning to take an interest in the field.”
To change this, what does Soledad suggest to women who want to get involved in the sector? “Just do it. It’s a very dynamic field that needs a lot of people and diversity. Cybersecurity departments are monotonous, which is a flaw. Security problems are diverse, and the more varied the departments are, the easier and more creative the solutions will be.”