#steampoweredshow

Cairo Malet (she/her) is a cyber security professional, specialising in governance, risk and compliance. She currently works for Octopus Deploy, leading their GRC programme. Before moving to Octopus, she spent three years leading risk assessment and remediation at one of the world’s largest mining companies, working with technology across both enterprise and operational environments. Her previous experience includes consulting and internal positions, working with organisations across finance, government, healthcare, telecommunications and resources to assess their security posture and implement policy and process to increase security maturity.  She is passionate about providing pragmatic security advice, increasing female representation in the Cyber Security industry, and Stardew Valley. She also has a degree in International Relations and a CISSP.

In our conversation, we talk about Cairo's indirect journey to cyber security, and what cyber security entails from policy to supply chain security and social engineering.

Watch this episode on YouTube. Listen to it on Spotify, Stitcher, Apple Podcasts, Google Podcasts, Breaker, Castbox, Overcast, Pocket Casts, RadioPublic, Vurbl, or  RSS.

Show Notes

[00:00:49] Cairo's pursuit of the social sciences. [00:01:00] Having an interest in history. [00:01:29] A desire to become a diplomat. [00:02:31] Working in hospitality. [00:03:06] The transition into tech and starting in tech support. [00:04:02] How tech support turned into cyber security. [00:05:40] An opportunity in the internal cyber security team. [00:06:06] Concern about not meeting the job criteria, by one item only. Michele's note: This old chestnut with women and applying for jobs. [00:06:49] Having experience in the regulatory and privacy side of things, just not the technical. [00:07:08] A lesson in how initiative and making yourself available can lead to other opportunities. [00:07:27] Cyber security has regulatory and compliance aspects as well. [00:07:58] Also need to be pragmatic and apply context. What is actually relevant to the organisation. [00:09:13] Process management involves knowing about the process you're trying to manage. [00:10:54] Governance, risk, and compliance in the context of cyber security. [00:10:58] Penetration tests are only part of the whole. [00:11:25] Defence and response. [00:11:39] Governance. [00:12:21] Risk. [00:13:59] Compliance. [00:15:24] Supply chain security. [00:16:12] Your relationships within the chain. [00:16:34] Coverage through due diligence, contracts, and enforcement. [00:18:02] Internal mitigating strategies for when things don't go to plan. [00:18:30] Sometimes a bad actor simply has more time and resources to throw at a thing. [00:19:03] Trying not to be the low hanging fruit and taking an 'assume breach' approach. [00:19:48] (Dis)trust in the universe, but lock your car. [00:20:27] Multi-Factor Authentication (MFA): A small inconvenience that can prevent larger inconveniences. [00:21:40] We know, it's annoying can be inconvenient. But there's a benefit. [00:22:37] Having the conversations and taking the time to communicate the concepts. [00:24:56] On password choice. We kid. Don't use these passwords. [00:26:38] Sentences and sequences of words are definitely an improvement. [00:27:01] How Cairo's background in social sciences informs her work in cyber security. [00:27:53] Research, critical analysis, and effective communication is a significant part of the work. [00:29:55] Understanding the audience and the players involved is essential in this space. [00:30:38] Cyber security is relatively new as a field, we need to be able to communicate its relevance and significance. [00:30:52] The specialists need to also have an understanding of the space in which their work is being applied. [00:31:35] It's an aspect of business that can be taken for granted because it 'just works'. [00:32:17] Hence the importance of communication to get 'buy in'. [00:33:05] Accessibility and visibility in communication. [00:35:08] You are not separate to the business. Being invested in the business whose interests you are there to protect. [00:35:58] Other cyber security concerns of businesses. [00:36:21] Tailoring guidance to the organisation. [00:36:48] The needs of small businesses. [00:37:46] The needs of larger organisations. [00:38:36] The foundations. [00:38:55] Social engineering. [00:39:44] It's about manipulation. [00:40:52] Capture the Flag (CTF) at DefCon. [00:41:21] Rachel Tobac. [00:42:21] Stress and urgency can prevent people from being rational. [00:43:45] The challenges of being good at social engineering. [00:44:21] Cyber security awareness training. [00:45:10] Preying on kindness or momentary lapses in focus. [00:45:49] Online scams are a numbers game. [00:47:17] Spearfishing and whaling is more effort with a higher payoff. [00:47:48] Scams are run as a business as well. [00:48:52] Cyber security is challenging and rewarding. [00:49:27] Motivations in cyber security. Societal and geopolitical factors. [00:50:13] Considerations in the resource sector. [00:52:47] Understanding the business, their needs and risk factors. [00:53:01] Needs of financial institutions vs emergency services. [00:54:03] The CIA Triad (Confidentiality, Integrity, Availability). [00:56:31] Bonus Question 1: What hobby or interest do you have that is most unrelated to your field of work? [00:56:35] Cottagecore. [00:57:09] Taking up knitting. [00:57:40] Assoc Prof Rhea Liang (#8) and her crochet. [00:57:52] Tom Daley's knitting fame. [00:58:35] Bonus Question 2: Which childhood book holds the strongest memories for you? [00:58:40] Tamora Pierce. [00:59:29] Strong female characters in science fiction and fantasy. [01:00:44] Tortall being adapted for television. [01:01:36] The adaptation of Ursula le Guin's Earthsea. [01:03:29] Bonus Question 3: What advice you would give someone who wants to do what you do? Or what advice should they ignore? [01:03:34] You need balance between your work and personal selves. [01:04:55] Get involved with the community. [01:05:16] Don't let a non-technical background deter you. A broad range o skillsets are needed in this space. [01:06:07] Cyber security twitter is a great resource. [01:06:21] @hacks4pancakes [01:06:27] Tanya Janca (@shehackspurple) [01:06:38] @SwiftOnSecurity [01:07:02] Finding out more about Cairo and her work.

Topics/Resources/People Mentioned

Cyber security (wiki)

Payment Card Industry Data Security Standard (PCI-DSS) (wiki)

ISO 27001 (wiki)

Governance, Risk Management, and Compliance (wiki)

Penetration test (wiki)

Supply chain security (wiki)

Privacy Act (Australia) (wiki)

General Data Protection Regulation (GDPR) (wiki)

Multi-factor authentication (MFA) (wiki)

Information Security (wiki) - Covers the CIA Triad (Confidentiality, Integrity, Availability)

DefCon (wiki)

Capture the Flag (CTF) (CTF101)

Rachel Tobac (@RachelTobac)

phishing (wiki)

Assoc Prof Rhea Liang

Tom Daley

Buffy the Vampire Slayer (IMDB)

Hack the Box

@hacks4pancakes

Tanya Janca (@shehackspurple)

@SwiftOnSecurity

Additional Resources

We asked a hacker to try and steal a CNN tech reporter's data. Here's what happened (CNN) - Not the scenario mentioned in our conversation, but similar.

British diver Tom Daley knits dog jumper and cosy for Olympic Games gold medal (ABC Australia)

Untitled Tortall Adaptation (Tamora Pierce Fandom.com)

Find out more about Cairo and their work

Twitter: @intrepidrainbow

Follow STEAM Powered

Happy birthday to us! 🎉

One year. 25 awesome conversations with brilliant STEAM Powered women. More to come.

Megan Knox is an early-in-career technical program manager at Microsoft and recent graduate of The Ohio State University with a degree in Computer Science and Engineering. As a PM, she does long-term planning for her software engineering team and drives success of large scale technical projects through communication and documentation. Prior to her start at Microsoft, she had two internships there to gain experience in a corporate setting.

During her time at Ohio State, she founded and presided over student organisation Code 4 Community (C4C) for three years. C4C is designed to demonstrate and implement the benefits of computer science in a humanitarian way, including a long-term project of building a website to help adolescents struggling with mental health and outreach to local grade schools to generate interest in computer science. She is passionate about sharing STEM with underrepresented communities, including women, minorities, and rural areas.

Outside of work, she enjoys reading and creative fiction writing, fitness, and taking care of houseplants.

In our conversation, we talk about technical program management and Code 4 Community.

Watch this episode on YouTube. Listen to it on Spotify, Stitcher, Apple Podcasts, Google Podcasts, Breaker, Castbox, Overcast, Pocket Casts, RadioPublic, or  RSS.

Show Notes

[00:57] What drew Megan to computer science and engineering. [01:42] Exposure to STEM. [02:10] Megan's first taste of programming. [02:36] Expectations of what computer science and engineering involved. [04:25] Code 4 Community. [04:59] Humanitarian Engineering Scholars. [05:15] A need for ways to demonstrate humanitarian applications of programming. [05:56] The scope and impact of software. [06:21] Founding Code 4 Community and learning about leadership. [06:45] Code 4 Community's Major Projects. [06:53] Project 1: Collaborating with the Department of Social Work for an app to support adolescents struggling with mental health. [07:30] Project 2: Outreach to local middle and high schools. [07:39] Why student outreach is important to Megan. [09:47] Give people a taste and show them it can be a good time. [10:13] Going virtual is making outreach to remote areas more accessible. [10:44] Code 4 Community's current efforts. [12:22] Megan's journey to Microsoft. [12:58] A serendipitous opportunity. [14:22] Getting into the Microsoft internship program. [15:05] The culture of internship programs in the US. [15:55] The value of internship experiences for professional development and your CV. [17:06] How interns are introduced to career tracks. [18:39] Internship projects are intended to contribute value to the company. [20:21] The role of a Program Manager. [20:58] It involves systems analysis and requirements gathering. [21:32] It involves communication, documentation, and planning. [21:47] It involves short, middle, and long term views. [23:07] Summarising the role. [25:11] Career direction. [25:38] Honing the skills a PM requires like leadership, communication, and her own personal development. [26:25] The importance of leadership skills in the kind of work that Megan would like to do in future. [27:40] Bonus Question 1: What hobby or interest do you have that is most unrelated to your field of work? [27:51] A love of writing. [28:29] Megan's genres. [28:55] With a passion for writing, why not major in English? [29:16] The need to be practical. [30:06] The bill-paying job options for an English degree were not personally appealing. [31:00] Bonus Question 2: Which childhood book holds the strongest memories for you? [31:05] Strong family memories with Harry Potter. [31:55] Bonus Question 3: What advice you would give someone who wants to do what you do? Or what advice should they ignore? [32:01] Impostor Syndrome. [32:47] Be your own role model. [33:23] Don't limit yourself. [34:55] Reaching out to Megan.

Topics/Resources/People Mentioned

Ohio State University

Code 4 Community

Humanitarian Engineering Scholars

Dr Sabine Bird (#16)

Microsoft

Explore Internship at Microsoft

Amanda Hickie (#11)

Harry Potter by J K Rowling (BookDepository)

Additional Resources

Code 4 Community

Code 4 Community contact: c4cosu[at]gmail.com

Connect with Megan

LinkedIn

Email: contact STEAM Powered

Follow STEAM Powered

STEAM Powered is now available on Breaker and Pocket Casts.

STEAM Powered is now available on Stitcher and Spotify.

STEAM Powered is now available on Apple Podcasts, Google Podcasts, CastBox, Overcast, and RadioPublic.

Bias and discrimination are everywhere. It's something we as a society are generally trying to improve. But when it comes to solutions, there is nuance in terms of cultural and social context, personal perceptions, and privilege that can complicate matters.

Join us as we speak with Raksha Kumar, an award-winning journalist and documentary filmmaker with a focus on land, forest, and human rights issues. We speak about Raksha's investigative work into the layered and complex issues of caste and sexism in India's tech industry, and elsewhere too.

About Raksha Kumar

Raksha Kumar is an award-winning journalist, with a focus on land and forest rights. Her work highlights human rights abuses by the State, thereby holding the powerful to account. Since 2011, she has reported from twelve countries across the world and a hundred districts in India for The New York Times, BBC, The Guardian, Foreign Policy, among others. Additionally, Kumar studied media freedoms in India in great detail and wrote reports for the Committee to Protect Journalists, the International Federation of Journalists, and PEN International.

Kumar graduated from the Journalism School, Columbia University, and holds a Post Graduate Diploma in Human Rights Law. She is also a documentary filmmaker and a Chevening Fellow and has been awarded a Fulbright Scholarship for Leadership Development.

LinkedIn: https://www.linkedin.com/in/rakshakumar Twitter: https://twitter.com/Raksha_Kumar Instagram: https://www.instagram.com/raksha_kumar Facebook: https://www.facebook.com/raksha.kumar

Watch or listen on your favourite platform.

Show Notes

(00:02:11) Raksha's focus on human rights in journalism. (00:02:39) People are interesting, and each person matters. (00:05:03) The impetus for writing about sexism in India's tech industry. (00:05:11) Writing about caste in India. (00:05:47) India's caste system. (00:06:33) A court case in the US raising outside awareness to caste discrimination. (00:07:08) Equality Labs. (00:07:35) The case was covered in India, but there was no discourse around caste in the Indian tech industry. (00:09:22) When discrimination was raised in the investigation, gender kept coming up. (00:10:24) Everyone talks about gender discrimination in tech. What makes India different? (00:12:40) "Tech came with a promise of a flatter world." (00:13:12) The privilege of being blind to discrimination. (00:14:09) The implicit threat to remain silent for fear of repercussion. (00:15:14) The varied reasons for remaining silent, and the individual interpretations of discrimination. (00:16:52) Privilege and discrimination are not mutually exclusive. (00:18:19) Awareness of our individual privileges and the affect of our intersectionality. (00:20:50) Observations: There hasn't been any research in caste discrimination in the Indian tech sector, and the more you delve into gender discrimination the more layers there are to investigate. (00:23:56) The drivers behind a high percentage of women in tech in India. (00:25:03) An open economy and upward mobility. (00:28:45) The subconscious awareness of your career 'expiry' as a woman. (00:29:41) The two-body problem in a different context. (00:30:57) The issues aren't unique to tech, but the way they manifest can be. (00:32:40) Intense, and potentially exploitative, work environments. (00:32:51) Wrong paper, I meant: Becker, SO., Fernandes, A., Weichselbaumer, D., 'Discrimination in hiring based on potential and realized fertility: Evidence from a large-scale field experiment', Labour Economics, vol 59, 2019, pp 139-152. (00:34:10) What makes some of these issues uniquely tech. (00:37:22) Women's visibility. (00:38:56) The support structure around women and careers. (00:41:06) The need for bi-directional support. (00:43:04) Do you know how much work it takes to make something look effortless? (00:44:01) Well meaning policies which become unintentionally discriminatory. (00:46:12) Law needs to take culture into consideration. (00:49:01) The need to incorporate the humanities into science and technology education. (00:51:45) Science is about questioning. The questioning should be about all aspects of the work, not just the science. (00:55:18) Raksha's observations from her investigations. (00:58:21) The journey between knowledge and realisation.

Follow STEAM Powered

If you can't decide between two career paths, try exploring both. Krithika Chandramouli found bioengineering to be a sweet spot between health sciences and technology and was able to explore both pursuits before she found her way to software engineering. Join us as we speak about Krithika's path to software engineering, contributing back to the community through her work and mentorship, and going from a love-hate relationship with running to completing a half-marathon.

About Krithika Chandramouli

Krithika is a Software Engineer at Meta. She comes with over 8 years of experience working in a range of industries like video streaming services, fintech, and social media. She is an expert on JS and full stack engineering, and is a technical and thought leader. She thrives when she is working on solving complex people problems that lead to innovation in products. She mentors young professionals, especially women, in the areas of career development in the tech industry. Outside work, Krithika is a runner, rows crew, practices Vipassana for mindfulness, a Veena player and an aspiring writer!

Medium: https://krithika-chandramouli.medium.com/

Watch or listen on your favourite platform.

Show Notes

(00:00:56) Biomedical engineering is the sweet spot between health sciences and technology when deciding whether to pursue med or tech. (00:03:30) The opportunity to study a broad range of subjects. (00:04:33) Bioengineering and nano drug delivery. (00:06:28) Being drawn to wearable medical technology. (00:09:05) Krithika's path to computer science through wearables. (00:09:50) Crowdsourced labelling and gamification of medical images. (00:11:38) Observations of the human element of crowdsourcing data. (00:14:10) A desire to use her skills to give back to the community. (00:16:16) Building tools to help build communities at Meta. (00:18:58) Buy Nothing groups and the importance of community in times of crisis. (00:21:26) Krithika's passion for mentoring and career development. Wanting to pay it forward. (00:22:43) Finding mentors. (00:26:59) Nerdy Girl Success. (00:27:43) Becoming a mentor or advisor in organisations like Nerdy Girl Success. (00:31:34) Bonus Question 1: What hobby or interest do you have that is most unrelated to your field of work? (00:31:38) Running and marathons. (00:34:39) With a love/hate relationship with running, why a half-marathon? (00:38:02) Bonus Question 2: Which childhood book holds the strongest memories for you? (00:38:14) "A Thousand Splendid Suns" by Khaled Hosseini and reflections on who and where we are in this world. (00:40:53) Kumar, R. (2022, Nov 1). The enduring sexism of India’s tech industry. Rest of World. (00:42:58) Bonus Question 3: What advice you would give someone who wants to do what you do? Or what advice should they ignore? (00:43:03) Advice for Life: Be bold. (00:45:08) Reflect on your own qualities, skills, and objectives, and be intentional about it. (00:49:56) Finding out more about Krithika.

Follow STEAM Powered