Monday, November 21, 2011

Joinging the Lyric Carolers this year!

As I'm not quite up to dancing, yet, I was excited to find another venue for getting to perform - The Lyric Carolers!

The Lyric Theatre typically performs Gilbert and Sullivan light operas, or other similar period type pieces, but what to do after their fall show closes and their spring show opens? Why, sing holiday carols!

I successfully auditioned and joined the group this year. What an honor to be with such amazing singers! I even have a wonderful Victorian costume and bonnet to wear for the season. The bonnet's got a bird on it. Yes, a bird! :-)

We're still available for booking large groups of singers and small. Whether you're looking for a simple quartet to lighten up your holiday party, or the full choir for your corporate event - we can do it all!

To book, simply fill out the booking form, or send mail to ask any questions.

All proceeds go to supporting the theater's regular efforts.

Friday, November 11, 2011

GHC: Anita Borg Social Impact Award Winner

This year's ABI Social Impact Award winner is Anne Ikiara, from NairoBits.

What If More African Women Had More Access and Use of ICT Skill?

Anne Ikiara started the talk by telling us about her background as an African woman, not unlike others. She was the youngest of ten children - 6 brothers and 3 sisters. Once men are circumcised, they no longer do chores. And these aren't like American chores you give children. Ikiara had to cook. To cook, she first had to go to the forest and get firewood. Then she had to go to the well and pump water. Nothing is simple.

Forty percent of the women do not have access to any education - they aren't even functionally literate. If you cannot read or write, how can you possibly interact with technology? There is so much violence against women that just surviving is their number one task. The only time you can get online is to go to a cyber cafe, usually a long walk, which a woman can only do after she's finished her house work, and sometimes at great peril.

Making matters worse, as soon as a young girl starts to develop breasts, she can be married - as young as eight years old - to a man as old as eighty. How can she get an education then?

Still today, in Africa, women are discouraged by their teachers from pursuing math and science.

Women do 80% of the agricultural work, but only own 5% of the land. Nearly 50% of women in the sub Sahraran Africa are married by the time they turn 18!
Ikiara was lucky and didn't marry until she was 22 and her husband didn't rush her to have children. Her mother, and others, thought there must be something wrong with her, that she needed a doctor, as she hadn't had any children by the age of 26. So much pressure to just be a mother.

A recent contested political election resulted in riots - most of the dead were women.

Women in Africa need more access to education, more role models, more equality!

What has Nairobits done? They target youth from non-formal settlements - very impoverished people. No running water, living 10 people in a 10x10 shack, etc.

Originally this started in Nairobi and was meant to be a one time event - but the interest was so ovewhelming, they needed to do more.

In order to encourage women, they accept much older girls and have flexible times to come for the training. They know these 16 year olds, many of them are mothers, cannot commit to 8AM-5PM for training. Nairobits asks the girls when they cam come for training, and work with that.

This type of training is now being replicated in Uganda, Tanzania, Zanzibar and Ethiopia. Nairobits has trained more than 6,000 youths, mostly women, in Kenya alone.

Training starts slow - they may have to introduce the youths to things like indoor plumbing. What a different world. Can you imagine?

Continuing this is difficult, as donor funding is down, and there is an overwhelming need for services. So many students have to be turned away.

Nairobits has centers where the students can come and use their skills after their graduation and get access at times convenient for them.

I had to ask Ikiara how she got out of this poverty: her brother. One of her brothers recognized that she was smarter than he was, and was able to get her into boarding school where she had six years to learn in peace, with no house work. She has taken this gift, and is passing it on to others. The women she trains in technology, they, too, tell others.

The women who are trained can then get real jobs and increase the financial well being of their entire family, so parents, in the end, are usually very happy to have an educated daughter.

The most limiting thing for Nairobits is money. They need sponsors, they need funds. To put one student through six months of training - it merely costs 10,000 Kenyan Shillings - $107 USD.

This post syndicated from Thoughts on security, beer, theater and biking!

GHC: Anita Borg Denice Denton Emerging Leader Award Winner

This year's ABI Denice Denton Emerging Leader award winner is Tiffani Williams from Texas A&M University.

Discovering Relationships in the Tree of Life

Dr Williams has been studying phylogentic trees to discover relationships. She opens with the example of the Dentist in Florida in 1990 that gave HIV to one of his patients. Even though HIV can mutate from person to person, phylogentic trees can show that the source of the virus and could prove that the dentist did indeed give the virus to his patient. It was also used in a court case to identify a man that intentionally gave HIV to 6 women - he is deservedly spending the next 70 years in prison.

There is some more work in this area is used for studying big cats - to see which cats are most related. For example, the lion, leopard, jaguar, tiger and snow leopard are part of the same group, but clouded leopard is not. By studying this, they can try to help save the species.

Dr. Williams did a great job showing that some of the most interesting is cross disciplinary - you need computer science, genetics and statistics to help save species!

But, these trees can be very large, expensive to store and impossible to easily transfer. Compressed files help, but you might lose useful data.

Storage is cheap, in theory, but upgrading and adding storage to your laptop is not easy and sometimes simply not possible.

Phylogentic trees are represented in Newick formatting, a notation based on balanced parentheses. something like this: (((A,B),D),C,(E,F))); It was actually pretty clear when Dr. Williams used the laser pointer :-)

The problem: one simple phylogentic tree can have 32 Newick patterns! This makes it hard to both compress and identify relationships. Dr. Williams came up with a way to store a unique tree as a unique binary code - then a simple hash algorithm can identify related trees.

The hash table can be further compressed with shorthand, like a special symbol that means "all trees have this relationship", and another for relationships when there are fewer items that share a relationship that do. And this can all be compressed using Tree Zip and stored in plain text!

As much fun as compression is, Dr. Williams advises against using it on humans - we don't like to be compressed into a group, especially when it comes to negative stereotypes.

I learned so much today - I'd love to take an entire class from her!
This post syndicated from Thoughts on security, beer, theater and biking!

GHC: Plenary Session: Partnering with Executive Leaders for Shared Vision and Career Growth

The plenary sessions always seem a bit mislabeled to me - this one is about partnering in executive leadership, and, yes, there are executive type people on the panel - but their advice is actually useful in any level of your career.

Moderator: Linda Apsley (Microsoft)

Panelists:

Microsoft Partnership: Bill Laing and Betsy Speare

CA Technologies Partnership: Gabby Silbermann and Carrie Gates

Harvey Mudd College Partnership: Marie Klawe and Christine Alvarado

Bill Laing and Betsy Speare started out the discussion by introducing each other. At first I thought this was odd, as most people can introduce themselves the best, right? But, it was so interesting to hear the words they chose to describe each other - much more glowing than most people would use for themselves.

Both Laing and Speare again reiterate that if you're seeking advancement, you need a sponsor. And sponsors and mentors are not the same thing. When looking for a sponsor, you need to choose someone you admire and has something that you want (skills, connections, etc). But, you can't just say, "Hey, be my sponsor!" Laing suggests also looking for people you can have an authentic connection with, as that will be the most successful advocate for you.

Marie Klawe, President and Professor at Harvey Mudd, and Christine Alvarado, Assistant Professor at Harvey Mudd, met when Klawe joined Harvey Mudd as president. Alvarado was surprised to discover that Klawe had already heard about her, a measly second year associate professor. Klawe had heard of Alvarado, because of her energy and the women's programs she was starting.

When Alvarado joined Harvey Mudd in 2005, their CS department was only 12% women - not unlike the rest of the US. Between her efforts, and Klawe putting them in overdrive when she joined, they are now up to 40% women!

Some of the things that they do - they bring first year undergraduates to this conference, even non-CS majors. This encourages more women to join the department and helps to retain them, as they are able to build a network.

Silberman and Gates go all the back to when Gates was still in school, and they kept in touch. When he wanted to hire her, they actually met up at TGI Fridays in an airport. He hired Gates and has been her sponsor ever since.

Gates wanted to make it clear that Silberman wasn't just watching her and taking her to the next promotion level - she asked him. Now she's a Distinguished Engineer at CA technologies, but quipped that she's still not sure what she wants to do when she grows up. ;-)

An observation from the panel was that men and women don't necessarily think differently, but they do tend to act differently. Men have been conditioned since they were 5 to show off and try to top everyone around you. Some professors can find that type of thing annoying, when a student is constantly trying to one up them - but they are certainly noticed.

Speare recommends She Wins, You Win : The Most Important Rule Every Businesswoman Needs to Know and Overcoming the Five Dysfunctions of a Team: A Field Guide for Leaders, Managers, and Facilitators (J-B Lencioni Series), to learn more about fixing your teams and fixing them with women. :-)

A question from the audience asked about how you prevent things from looking like favoritism. Liang said this is why he recommends finding a sponsor that is not in your direct reporting line of management - they could even be at a different company! Another panelist noted that this is a reason to have more than one sponsor.

Klawe notes that she'll mentor just about anyone she has time for, but will only sponsor people that she truly believes in, so that when she tells everyone about the sponsored accomplishments, nobody will be able to deny the value of it.

This post syndicated from Thoughts on security, beer, theater and biking!

GHC: Anita Borg Change Agent Winners

This year's ABI Change Agent award winners are Marita Cheng (Robogals) and Judith Owigar (Akirachix). It's unusual to see two winners, but these young women are so fascinating, I can see how got two!

The Small Victories
Presenter: Marita Cheng (Robogals)

Marita Cheng graduated in the top 0.2% in her country from high school, and was sought after by many schools. Her parents wanted her to medicine, so she'd have a nice, steady job. Cheng wasn't interested, though, so she found she couldn't answer any of the questions during her biology review - but the reviewer did suggest she follow her passion, engineering, instead of what her parents wanted her to do.

So, her career as an engineering student began. Cheng only knew two other girls from her small home town entering engineering, and thought this must just be because she was from a small town. That view was shattered when she actually arrived at school and couldn't find any women.

Cheng surveyed friends and others to try to figure out why this was. Through all her research, she discovered that middle school aged girls are not getting enough exposure to engineering - and Robogals began!

Cheng and her volunteers started teaching 10-14 year old girls how to build robots using the Lego Mindstorms during Australian school holiday in July.
Robogals now has 17 chapters in 6 countries, has taught over 3000 girls about engineering and use 1000 student volunteers.

Why 10-14 years old? It's the best time to capture their interest so that they still have enough time to get the right pre-requisites to explore engineering in university.

The charity is fully student run! Right now just in Australia and New Zealand, UK and Europe - will be expanding to the US in 2012.

And, yeah, Cheng is still a student, too! Wow!

Where Did All the Girls Go?
Presenter: Judith Owigar (Akirachix)

Judith Owigar from Nairobi, and while studying in Kenya, discovered a great dearth of other African women studying engineering and she wanted to fix this.

Africa really lacks infrastructure - no land lines, DSL, etc. Mobile phone technology has really changed the picture - giving more people a chance to connect in Africa.

In Kenya alone, they have 25 million mobile subscribers (64% of the population), and 12.5 million Internet users - mostly accessed via mobile phones. So, anything AkiraChix wants to do needs to be accessible via mobile phones.

The organization seeks women already in tech to train them to do outreach, give them networking opportunities and set them up with with high school girls that they can mentor.

Owigar believes that having more technical women in Africa can help end poverty. Education is the key to a successful life ahead. I've heard so many other people talk about this - more educated women have more control over how many children they have and their ability to feed and educate their children. That's how you end the cycle!

AkiraChix has been training high school girls in Java - and some of their former students are already developing software for Android!

Owigar is seeing more results, girls are forming tech businesses, going into new higher paying jobs, more confident, expanding their network and staying in tech.

Both really inspired me! Small changes are making a big difference already!

This post syndicated from Thoughts on security, beer, theater and biking!

Exciting Crypto Advances with the T4+ processor and Oracle Solaris 11

I'm sure you all heard about the T4 launch in September, announcing the latest and greatest in the SPARC hardware line. These systems add a number of new features, but I'm going to focus on the ones that are related to cryptography.

UPDATE 4/2016: Everything in this document additionally applies to Oracle Solaris 11.1, 11.2, and 11.3, and all of the Oracle SPARC chips we've released since T4! This includes our latest launch of Oracle SPARC M7/T7. While the underlying crypto instructions have been very stable we, of course, have continued to tune performance and tweak mode support.  Since 11.2 we have additionally supported Camelia, which is also optimized by Oracle SPARC T4 and newer platforms! I've updated the document throughout to note T4+.

The Cryptographic Framework feature of Oracle Solaris was first included with Oracle Solaris 10.
Our focus was always to provide highly optimized algorithms to the rest of Oracle Solaris, so that the entire operating system could take advantage of the best cryptographic performance available.

At that time of the initial release of Oracle Solaris 10, there were no standard CPUs with cryptographic cores, but as the SPARC T series chips were developed, we always made sure to have a driver plugged into the Cryptographic Framework that would give the Cryptographic Framework consumers access to these devices.

But things have changed with T4+. These chip sets have made crypto a part of the core instruction set, accessible via nonprivileged instructions. That means, there are no drivers required to enable hardware assistance for cryptographic operations. Applications just access these instructions just like any other basic CPU instruction. That's right, crypto is now just a basic service provided by the CPU.

What does this mean? Well, before, in order for an application to access hardware crypto on a T3 system, the stack would look something like this: application -> libpkcs11 -> pkcs11_kernel -> IOCTL interface -> n2cp (7D) -> hypervisor -> crypto unit.

Now the stack will look more like this: application -> libpkcs11 -> pkcs11_softtoken -> CPU.

The one notable exception for this is the hardware random number generator (HW RNG), which still is only directly accessible via hyper-privileged registers through the n2rng driver. You can access this via /dev/random and /dev/urandom, as well as through the Cryptographic Framework's libpkcs11. See random(7D), n2rng(7D), and libpkcs11(3LIB) for more details.

With all of these changes, we're able to even more highly optimize the performance of cryptography on Oracle Solaris 11 and newer.

Algorithms Included

A primary goal of the Cryptographic Framework is to provide Oracle Solaris with highly optimized algorithms, and we made no exception for this release.

In Oracle Solaris 10 Update 10 (08/11), AES, DES, DES3, MD5, SHA1, SHA2 (SHA256, SHA384, SHA512), RSA, and DSA are all accelerated by T4+ crypto instructions for all supported modes of operation. To access these via libpkcs11 (3LIB), you'd use the standard PKCS#11 mechanisms listed below [1].

If you additionally download patch 147159 for Oracle Solaris 10 Update 10, you'll get further optimizations for AES-ECB, AES-CBC, AES-CTR, AES-CFB128, and MD5, SHA1, and SHA2.

In Oracle Solaris 11, we have all of those optimizations, plus optimizations for DES and 3DES, as well as optimizations and support for AES-CCM and AES-GCM.

To access these optimizations on Solaris 11, you need change nothing. We've made all of the code changes necessary in the Cryptographic Framework for you. Your applications that use the Cryptographic Framework (see Consumers section below for many examples), will take advantage of our optimizations and the T4 hardware right out of the box.

OpenSSL engine

UPDATE 4/2016: The OpenSSL T4 engine no longer exists, since our friends at OpenSSL have inlined all of the T4+ instructions into the main source tree! Thank you! Misaki wrote up a great blog describing this.

In Oracle Solaris 11 on a T4 system, you'll notice a new OpenSSL engine called t4. The t4 engine allows OpenSSL to access the optimized T4 crypto instructions directly, without needing to go through PKCS#11. The t4 engine is on by default, if the processor below supports those instructions. Nothing for you to do.

If you're still running Oracle Solaris 10 Update 10, you'll still need to set up your application to go through the pkcs11 engine, and make sure you apply patch 147707.

For example, if you're using Apache Web Server on Oracle Solaris 10 Update 10, or on Oracle Solaris 11 (in order to get the RSA accelerations) you'll need to set this line in your ssl.conf:
SSLCryptoDevice pkcs11

Consumers and Performance

The consumers of the Cryptographic Framework includes: ZFS, IPsec, IKE, kerberos (user and kernel), libsasl, KSSL (in Kernel SSL), OpenSSL, SSH, Java JCE, libsnmp, lofi(7D), and the Oracle DB (11.2.0.3). As well as anything that accesses libpkcs11(3LIB).

Just a note about the Java, T4 and newer processors are treated the same way as on T2, T3 and Intel - you need to go through the Java JCE provider.  UPDATE 4/2016: Java has started taking advantage of SPARC T4+ crypto acceleration directly. Currently in JDK8u40, Java accelerates generic AES, SHA1 and SHA2.  Keeping up-to-date on JDK8 patches will provide the best out-of-the-box performance.

And the Oracle Database? Uses our optimized T4 functions right out of the box (v 11.2.0.3 and newer).

Do you want to see just how much our performance optimizations get you on T4? Click on any of the hyperlinked consumers above to see their specific performance gains on T4, or navigate on over to BestPerf to see the latest and greatest numbers.


With the exception of the extra steps required on Oracle Solaris 10 Update 10 for OpenSSL to obtain access to the optimized functions that use the T4+ instructions, there is nothing for the administrator to do to get access to this acceleration. It simply works right out of the box.

How do I know if I'm using this?

Accessing these instructions does not require a driver, so there are no kstats to indicate how often any of these instructions are being used. At this time, it is not possible to obtain data from the Operating System regarding execution counts for nonprivileged cryptographic instructions.

UPDATE 4/2016: There is a hardware counter, but it also includes a bunch of floating point operations as well. Dan Anderson wrote a blog about detection that has been updated since we removed the OpenSSL T4 engine (in favor of simpler inlined instructions).

[1] PKCS#11 mechanisms used for accessing T4+ crypto instructions via libpkcs11 (3LIB) in Oracle Solaris 10 Update 10 and Oracle Solaris 11:

CKM_DES_CBC, CKM_DES_CBC_PAD, CKM_DES_ECB, CKM_DES_KEY_GEN, CKM_DES_MAC_GENERAL, CKM_DES_MAC, CKM_DES3_CBC, CKM_DES3_CBC_PAD, CKM_DES3_ECB, CKM_DES2_KEY_GEN, CKM_DES3_KEY_GEN, CKM_AES_CBC, CKM_AES_CBC_PAD, CKM_AES_ECB, CKM_AES_KEY_GEN, CKM_BLOWFISH_CBC, CKM_BLOWFISH_KEY_GEN, CKM_SHA_1, CKM_SHA_1_HMAC, CKM_SHA_1_HMAC_GENERAL, CKM_SHA256, CKM_SHA256_HMAC, CKM_SHA256_HMAC_GENERAL, CKM_SHA384, CKM_SHA384_HMAC, CKM_SHA384_HMAC_GENERAL, CKM_SHA512, CKM_SHA512_HMAC, CKM_SHA512_HMAC_GENERAL, CKM_SSL3_SHA1_MAC, CKM_MD5, CKM_MD5_HMAC, CKM_MD5_HMAC_GENERAL, CKM_SSL3_MD5_MAC, CKM_RC4, CKM_RC4_KEY_GEN, CKM_DSA, CKM_DSA_SHA1, CKM_DSA_KEY_PAIR_GEN, CKM_RSA_PKCS, CKM_RSA_PKCS_KEY_PAIR_GEN, CKM_RSA_X_509, CKM_MD5_RSA_PKCS, CKM_SHA1_RSA_PKCS, CKM_SHA256_RSA_PKCS, CKM_SHA384_RSA_PKCS, CKM_SHA512_RSA_PKCS, CKM_DH_PKCS_KEY_PAIR_GEN, CKM_DH_PKCS_DERIVE, CKM_MD5_KEY_DERIVATION, CKM_SHA1_KEY_DERIVATION, CKM_SHA256_KEY_DERIVATION, CKM_SHA384_KEY_DERIVATION, CKM_SHA512_KEY_DERIVATION, CKM_PBE_SHA1_RC4_128, CKM_PKCS5_PBKD2, CKM_SSL3_PRE_MASTER_KEY_GEN, CKM_TLS_PRE_MASTER_KEY_GEN, CKM_SSL3_MASTER_KEY_DERIVE, CKM_TLS_MASTER_KEY_DERIVE, CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_MASTER_KEY_DERIVE_DH, CKM_SSL3_KEY_AND_MAC_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, CKM_TLS_PRF.

UPDATE 4/2016: As of Oracle Solaris 11.2, we also include the following hardware assisted mechanisms:  CKM_CAMELLIA_CBC, CKM_CAMELLIA_CBC_PAD, CKM_CAMELLIA_CTR, CKM_CAMELLIA_ECB, CKM_CAMELLIA_KEY_GEN.

This post syndicated from Thoughts on security, beer, theater and biking!

GHC: Anita Borg Technical Leadership Award Winner

This year's ABI Technical Leadership award winner is Mary Lou Soffa, from the University of Virginia. Her talk was titled "My Dance with Research: An Ode to my Graduate Students"

Dr. Mary Lou Soffa has graduated a bunch of PhD and MS students, half of which are women and/or minorities - impressive! Thirty-two PhD students alone (half women).

Dr. Soffa has been so inspired by her own graduate students, they keep her on her toes (she's got to make sure she's reading all of the latest publications in her area), lead her research in unexpected directions and challenge her on a regular basis.

One of her favorite things about being a professor has been mentoring. When she saw what a big difference she could make with just one student with just a little extra time, she knew this was something she had to pursue.

She's noticed a consistent pattern between her male and female students - for example, when a male student's paper is rejected, he believes the program committee is full of idiots. When a female student has her paper rejected, she believes it's because the paper was just junk. Hrm, gets back to yesterday's keynote about men overestimating their own accomplishments.

Dr. Soffa draws parallels to some of her favorite dances for how different students work - like the Swing - all over the place (she must remind them to focus, focus, focus!!), or Hokey Pokey - coordinated and works well with others.

Dr. Soffa had quite a windy path to becoming a computer scientist! She started out in maths, tried sociology, philosophy, environmental acoustics - all in PhD programs, before discovering computer science (via a course required by her environmental acoustics studies).

Not only does Dr. Soffa metaphorically dance with her students, they do so with each other as well. She took us through a cool graphical adventure about how each of her students work influenced each-other, even years later, as well as the general computing world. For example, one of her fist student's work went into the C++ language.

Dr. Soffa's students work on code analysis is now being used to find vulnerabilities in code in a safe lab environment.

One suggestion Dr. Soffa had for one of her students, who was always rushing to implement things and not thinking through the designs, was to sit in a room for four hours and just think. No laptop, no cellphone, not even any paper. Just think. She said there are so many interesting ideas you can come up with in the silence of your mind. Might have to try this, but when could I have four hours to do this? Maybe just starting small.

It sounds like she's just had a blast in academia, anyone thinking about pursuing a PhD should look to have her (or someone like her) as an adviser. Student success, learning new skills (for students and herself), and moving research forward are so important to her. What an inspiring woman!


This post syndicated from Thoughts on security, beer, theater and biking!

GHC: Friday Keynote

This morning's keynote: The Honorable Shirley Ann Jackson, Rensselaer Polytechnic Institute. The first African American to get a PhD from MIT and the first African American woman to head up a national university, among many other firsts.

Dr. Jackson joked that it's often easier to get two computer scientists to communicate, even from across the world, then it is to get a CS person to communicate with sales person in the same room. :-)

She notes, more seriously, how important science is to communicating on a global perspective. It's a way to grow, think, interact and imagine. The digital world has shrunk the world, allowing people from radically different cultures and disciplines to work together.

Overcoming communication barriers is so important for helping to bring solutions to the international marketplace. Realize that some women may see three different colours: azure, teal, aquamarine... a man may just see green. Choose your words carefully and respect those you're talking to. Listen and be prepared to short out conflicts.

Another barrier to communication is cognitive biases. To best be able to collaborate, we need to go in with trust and assume that the others at the table are also honest and looking for sincere collaboration.

As technologists, we need to learn how to take data and show it in a way that can touch the general public - humanize it.

Expand this idea to social cognitive networks. There is so much here that can still be explored, how can we apply this? Will it allow us to make wiser choices? Communicate with others better? Or perhaps just be really cool :)

When we start to add sentience to the network, we're again back to trust. Having trust is easy, validating that your trust is well placed is hard.

This post syndicated from Thoughts on security, beer, theater and biking!

Thursday, November 10, 2011

GHC: Senior Women's Summit

The day long session started out with some great tips from Jo Miller, both talking about our brand again and got us brainstorming about what things we think are holding us back. Jo had a recently published article on the Anita Borg site that talked about the difference between a sponsor and a mentor. A sponsor or advocate is someone that stands up

After lunch, we sorted ourselves by industry and academia, as well as by goals (Industry Individual Contributer vs Executive tracks), and I had a tough call to make. Do I want to pursue the DE track? Or management? Then Jo Miller reminded me that this is just a networking and learning exercise - why not get exposure to people I don't have access to now? So, I sat down with an executive from American Express. :-)

Then we got a wonderful panel of very senior women that told us about their paths.

Moderator: Sabina Nawaz, Executive coach and organizational development consultant; CEO, Nawaz LLC

Panelists:

  • Nora Denzel, Senior Vice President, Big Data, Social Design and Marketing, Intuit
  • Jamie Erbes, HP Fellow and Director, Services Research Lab, Hewlett-Packard Labs
  • Ann Gates, Associate Vice President of Research and Sponsored Projects, University of Texas at El Paso
  • Leah Jamieson, The John A. Edwardson Dean of Engineering and Ransburg Distinguished Professor of Electrical and Computer Engineering, Purdue University
Leah Jamieson has been the Dean of Engineering as well as a professor at Purdue University for 5 years, and has found it to be a rewarding and demanding task - she's had to learn how balance looking forward and looking up, while still taking care of everything beneath her - as Dean, there are a ton of responsibilities.

Ann Quiroz Gates talked about making sure you stay active in your communities, for her that means IEEE. You need to be able to articulate what you need, and be ready to make a case for what you bring to the table. Don't just be the squeaky wheel - show what someone is going to get in return.

Nora Denzel said she actually had a really fast rise into the executive ladder - just 15 years! HP actually sent her back to school to get her MBA. Her advice? "I strive to make sure I'm not the smartest person in the room - be comfortable with being uncomfortable." How else can you grow? She believes that sometimes the biggest thing that holds us back is our own minds - grow your network, worry about doing a good job and not necessarily make everyone like you.

Jamie Erbes said she thought she herself is her biggest roadblock sometimes. For example, at HP you have to apply for fellowship - and she kept not doing it. One year, as the deadline approached, executives and other fellows kept coming to her and asking her why she hadn't submitted her application, yet. She didn't think she was worthy, but after enough people asked her

Jamieson marks the import of picking a clear communication style and make sure it works for the job you're aiming towards.

Several of the panelists mention how times were rougher when it came to networking in the 80s, like Erbes being left in the car when the rest of her co-workers went to strip club. Fortunately, that type of thing would not be considered acceptable behaviour.

Denzel and Jamieson both stress how important it is to show agility. While working for the same boss for 10 years may show your loyalty, it doesn't necessarily show your ability to learn new things quickly. This is a weird one for me - I've worked in such a large company for so long, but my job is always changing. My LinkedIn profile is full of all sorts of different jobs, even though it was always the same person writing my paycheck. Does that show agility? Does the fact that I like a steady paycheck and stability of having health insurance mean that I'm not willing to learn new things? Probably not, but it's something to be sure that I can present well that it's not just one job.

Advice from the panelists on your brand (after being asked by the audience what their brand was) was to do a "360 review" and see what people think your brand is - it could help you better align what you're doing, or motivate changes if it's not something you like.

After the panel, we all got to sit down at a table with a senior executive from major companies and ask anything we wanted. I even got to practice my elevator pitch with an exec from Adobe, and she gave me some great tips to improve. Then we did some more speed networking, then through our biggest "want" on the wall and people signed up to help us. I definitely have things to follow up on here!

More on that later!

This post syndicated from Thoughts on security, beer, theater and biking!

GHC: Thursday Keynote Sheryl Sandberg

Our keynote speaker is Sheryl Sandberg, from Facebook.

Sheryl Sandberg has the tough balancing act between providing connections and protecting privacy. Best career advice she ever got came from Eric Schmidt, after she was leaving government and entering industry, and he offered her a position as general manager of Google. To Sandberg, that GM position was nothing, and she didn't want it. Schmidt tolder her "Stop being an idiot, all that matters is growth. If you go to a comapany that is growing, it doesn't matter what you're doing."

In the US, we have a huge unemployment rate, with fears that this is not a temporary problem, but Sandberg doesn't see this in tech. She said every technology firm she knows is hiring and growing. Technology jobs are the exception.

Sandberg admits that she's not a computer scientist, not even very technical, but she is a woman, so finally decided she felt qualified to do the keynote at Grace Hopper. She said she would be better at her job if she were more technical, and doesn't think that someone could do her job in the future unless they were technical.

STEM jobs pay more across the board, but women still only make 86 cents per dollar for the same job, compared to men with the same qualifications.

In order to have leaders in the future, we need more women to join STEM careers. But, in order to do that, we need to attract them to the programs and make sure they stay in. This has been accomplished at Harvey Mudd - gone from 12% women in CS to %40.

But, we're losing ground in leadership roles. Women are not getting promoted, women are losing seats in congress.

Seventy percent of the people in poverty are women. Women are still the property of their husbands. This type of thing just cannot go on.

Sandberg has 5 pieces of advice for staying ina career in CS and in a career in
general.

1. Believe in yourself

The best talk she'd ever attended was "Feeling like a Fraud" (Imposter Syndrome, now). When she mentioned it to male colleagues, they didn't get why it would be interesting. Men, time and time again, overestimate their achievements - women undervalue. Men attribute success to themselves. Women, to working hard, help from others, and being lucky.

Raise your hand, even when you're not sure you can do it - because there's a man next to you that is raising his, and he's not necessarily anymore qualified then you are.

You need to sit at the table, or opportunities pass you by.

When Sandberg gave this talk at Facebook, she said she had time for two more questions as they were short on time. Later, a woman came by her office and said she learned something. Sandberg felt pretty awesome, so asked what it was. The employee said, "I learned to keep my hand up". Huh? Well, Sandberg said she'd only take 2 more questions - so after the second question was asked, all the women put their hands down. Because there wouldn't be anymore questions. But, that's not what actually happened - Sandberg continued to take more questions - from the men. Several more.

Sandberg noted that if she didn't notice this, as a woman while giving this talk, how could we possibly expect our peers, managers, leaders to notice us if we aren't raising our hands?

2. Dream big

We have an achievement gap - until we close this gap, we won't have more women in these top fields. As men get more successful, men and women like them more. As women get more successful, men and women like them less! Huh? So, we, as humans, want to be liked. so may not be as ambitious - may not seek those top positions. What if we had 50% of power positions filled by women? We couldn't possibly dislike 50% of our leaders. Sandberg believes that the solution to this problem is simply more women in computer science, more women at the top.

3. Make your partner a real partner

If you want to succeed - you have to have a real partner. You can't rise to the top and still be in charge of the majority of the house work and parenting. Sure, date the wrong guy in college, have fun - but marry someone that's going to be a partner. Just like with work achievements, most men overestimate how much time they spend on parenting as well!

4. Don't leave before you leave

Women leave jobs piece by piece. For example, if she is attending medical school, but knows she will be in charge of raising the children - she might pick a less interesting field. If she turns down an interesting job, because she's thinking of having children - she'll feel undervalued and regret missing that opportunity later.

"Lean forward. Always lean forward."
Tech jobs are the most flexible, so they tend to attract women who need the flexibility.

5. Start talking about this

I know what it's like being the only woman in the room. You don't want to rem
ind people about this. "I spent the majority of my career fitting in". Men are
jumping at the opportunities, women wait to feel comfortable with the idea of the new career.

Sandberg was advised against doing TED talks about being a woman in tech, told it would ruin her career if she dared to say that men and women were different. In fact, it didn't - it did lead to more women applying for jobs at Facebook.

Sandberg used to work 7AM-7PM, but that's just not possible with children. Sandberg is always home for dinner at 6PM - yes, she's checking email later at night than she used to, but she is doing it.

We need to talk about it - if we don't, things won't change.

"I'm older than most of you in the audience, by decades. I want to tell you something - my generation is not going to change this. You are the promise for equality, and equality is what matters."

What if men were half of the stay-at-home parents? What if we had more women CEOs?

"What would you do if you weren't afraid?"
What an amazing talk - so inspiring!

This post syndicated from Thoughts on security, beer, theater and biking!

Wednesday, November 9, 2011

GHC: Workshop: Building Your Brand as a Technical Expert or Leader

I love Jo Miller. She has an excellent grasp of personal brand. And not that cheesy brand thing you hear every one else talking about, but what do you want to be known for - what do people come to you for. Being well branded helps you to make connections and help others make connections.

Jo gave us a goal to come up with what we want our career niche to be, create a personal brand statement and figure out how make our brand visible. And this has to be something we can really use.

How does one figure out ones ideal career niche? Well, first, I should stop writing like I'm the Queen (as she's already got her niche figured out for her :-). Really, what are you passionate about, what are your skills and talents, and what does your company need/value? If you can find a place where those things intersect, you may have just found your niche!

When you know your sweet spot, it's easier to choose assignments, mentors and sponsors.

For me, I've been in my field for more than a decade. Back in the late 1990s, early 2000s, I was the firewall expert. I knew all there was to know about the complicated protocols, ins and outs of PASV FTP (passive file transfer protocol, used by browsers), and I rearchitected the SunScreen firewall NAT (Network Address Translation) component. I was nicknamed the Goddess of NAT.

But, as the years have gone on, I've become much more general - focusing on more connecting technologies, like the Oracle Solaris Cryptographic Framework. I'm not a cryptographer, but I know the basics and I know the standards. I'm a great public speaker, all the acting I've done really helps with that. I'm great at making connections and helping people to solve their problems, even if I can't solve it myself. I write good code and debug problems. I design software. I am an expert in defect tracking. Certainly those are useful skills? How do I make that a brand?

It may not be as bad as I think, as when I asked a fellow conference attendee what my brand was, she said: "security, beer and bicycling". Well, that does sum up my passions!

Jo Miller also talks about what happens if you've somehow ended up a negative brand? One example was a woman who was branded as "high maintenance". The woman was a QA manager and thought she taking care of problems. She needed to change from being the complainer, to the partner in helping people to solve their issues. Something definitely to think about. (side thought of my own: do men have to worry about this?)

Another place you can get caught is as an entry-level or mid-level type person, which makes it hard to get promoted.

While you're still in school, it's easier to create a brand - work hard and get good grades, and you're branded as a good student. But how does that work in the real world? How do you take results and get to reward and recognition? You've got to add visibility!

How can you do this? Jo Miller's first step, strangely, is work less! Huh? Well, if you're always working and never telling people about what you're doing, nobody will notice. This doesn't mean spend 95% of your time evangelizing yourself - you have to have something to evangelize after all. Just spend 5% of your time doing this.

She asks us to write a "30 second commercial" for ourselves. Mine would be, "I'm Valerie Bubb Fenwick, Principle Software Engineer in Oracle Solaris. I'm known for security, beer and ...." oh, wait. Gotta tweak that. "I"m known for security and as the bug queen. Come to me when you need help learning about security, defect tracking, or finding the right person to help you in the Oracle Solaris organization." "and, we can talk over a beer" :-)

So, that just gets us through the first two steps. Once we pull this all together, we need to have a career-planning conversation with our leaders. Yes, that includes your manager, but others in your organization. Show them your value in the thing you're interested in. And, once you do that - you need to ask for help. Just something as simple as, "Is there anyone else you think I should talk to about this?"

The fourth step sounds so simple: work hard, but on the right projects. How do you know what the right projects are? Something that aligns with your brand or where you'd like your brand to go. And deliver. If you don't deliver valuable results, no matter what else you do, you aren't going to get anywhere.

When picking the project, look for specific roles (as opposed to general), push the cutting edge in your field of expertise, executive special projects, projects that directly support your organizations strategic plan, exposes you to a new department and demonstrates higher level of technical, business or leadership skills.

Now, on to speed network!

This post syndicated from Thoughts on security, beer, theater and biking!

GHC: PhD Forum 1: Hardware and Security

Intelligent Cache Management for Reducing Memory System Waste

Presenter: Samira M. Khan (University of Texas at San Antonio)

Caches are just not efficient, if there's a cache miss hundreds of extra cycles of delay are added. Processor performance is doubling every 18months, but memory performance is only doubling every 10 years! It just can't really keep up.

Most of microprocessor die are is cache, but they aren't efficient. Using the cache efficiently is important to improve performance and reduce power. The problem is dead blocks - not even getting used. Up to 86% of blocks in the cache are dead at any one time.

This is caused by the most recently used cache management policy, so many blocks just simply go unused. Khan's research was based around predicting which blocks were going to be dead and take advantage of them and changing the replacement policy, reducing power requirements of the system.

Usable Security and Privacy Policy Management

Presenter: Maritza L. Johnson (Columbia University)

Johnson's research is around access control and policy management. She started out with some real world examples, like how all of us are wearing Grace Hopper Conference badges, which grants us access this session.

Johnson's next slide was the Confidentiality, Integrity and Availability triangle, while she discussed the balance while talking about read write access to files, an every day problem in shared environments. To properly approach this, there needs to be a constant cycle of evaluation, analysis, and design. You can't just come up with a design and be unwilling to modify it, as needs and usage may change.

As users of Facebook, we're all access control managers, as well. Johnson and her colleagues did their research around facebook, as it's so open and available for studying.

A question the research sought to solve was Are users' Facebook privacy settings correct. This is hard to totally know what someone else's intent was, as each person has a different level of information they feel comfortable sharing.

The app they developed an application to look for potential violations between what the user intended and what they got. For example, if someone shared publicly "I'm at work. I'm just laying on these chairs until my boss..." ... should that really be public?

The research involved participants using an app that they told what type of information they wanted to share, and then it studied what happened over a period of time, and showed what it believed were violations of the policy to the users. Many of these were confirmed to be violations, yet, users still didn't want to change their privacy settings.

The ideal setting for most user is actually to just share with friends only.

Detecting Stealthy Malware Using Behavioral Features in Network Traffic

Presenter: Ting-Fang Yen (Carnegie Mellon University)

Yen started out with a great background in what a Botnet is: infected hosts with a subtle command & control system that are doing malicious activities. One single botnet has 3.6 million hosts - combined, they have more computing power than the top 500 supercomputers combined.

A botnet may have a centralized control, where all infected hosts get their commands from a central control computer, but many have peer-to-peer control.

Previous work in this area looked for a signature of a botnet to identify new infections. Similar work is done by mapping behaviour of a botnet.

Botnets are becoming more sophisticated, but our current techniques are just not keeping up.

Yen's research was around finding previously unknown bots. One way of doing this is using the research that shows that most hosts use a consistent amount of network traffic on a daily basis - if that traffic suddenly rises, or happens during odd hours, the host may be infected. Bots also use consistent payloads - so look for a lot of similar communication.

Peer-to-peer botnets tend to blend in, traffic wise, with other, normal peer-to-peer traffic. Research noticed, though, that timing of botnets packets are too regular - not being driven by a human.

This post syndicated from Thoughts on security, beer, theater and biking!

Monday, November 7, 2011

GHC: Excited about presenting!

I'm getting really excited about the Grace Hopper Celebration of Women in Computing - I fly to Portland tomorrow. I've got my schedule put together [1], and the slides for our presentation posted on the GHC Wiki.

I'm thrilled to be presenting with Radia Perlman (Intel), Terri Oda (University New Mexico), and Lindsey Wegrzyn (Adobe) - such an esteemed group of women. We're presenting on modern day security attacks and how to protect your privacy online. This isn't going to be a highly theoretical talk, but helping technically savvy people understand the sometimes tricky environment we all work in every day.

We're presenting on Thursday, November 10th 11:30AM-12:30PM Convention Center – B113-115. Come and check us out!

What talks are you most interested in seeing?

[1] Unlike most conferences where you have a choice between an invited speaker track and refereed papers - the Grace Hopper Celebration of Women In Computing has EIGHT simultaneous tracks. If you haven't spent time at least narrowing down which track you want to attend for each session, you won't really have time to figure it out on the fly and will likely end up in a track that isn't as interesting to you as some of the others. Btw, you can switch to different tracks throughout the day.

Thursday, November 3, 2011

Wow, Ten Platelet Donations This Year!

And it's only just November!  I got an email this morning from the StanfordBlood Center telling me that last night's platelets donation was my tenth of the year. I still have 4 or 5 more appointments scheduled, so as long as I can stay away from sick people, hopefully I can get to 15 by the end of the year!

Why do I give platelets? First of all, I can give more often - once every 72 hours (though a maximum of 24 times a year). Platelets are also the most precious component of the blood - when they take platelets from you at the center, they use an apheresis machine that puts the red blood cells back in your body. The platelets are needed for premature babies and cancer patients, among other critical need patients.  I've had enough friends and relatives that were very sick and needed platelets, so I want to make sure the blood bank always has plenty on hand.

Unfortunately, platelets don't have as long of a shelf life as regular blood - so, it's a good think I can give more often!

I'm going again in a couple of weeks (November 14th at 5:30PM in Mountain View) - who wants to come with me? If you've never donated platelets before, you'll have to donate whole blood and get tested to see if you have enough spare platelets in your blood stream that you donate.

This post syndicated from Thoughts on security, beer, theater and biking!

Wednesday, November 2, 2011

Using Twitter and LinkedIn at Conferences

For those of you that don't also follow the Grace Hopper Bloggers blog, I wrote two posts there recently on getting the most out of LinkedIn and Twitter for conferences.

As I've been managing the Anita Borg Institute for Women in Technology group and the Grace Hopper subgroup for more than a year, each with thousands of members, I've come to learn a thing or two about what makes a good profile and what makes you look like a spam troll.  If you're interested, wander on over to GHCBloggers and check them out.

And what makes me an expert on Twitter? Um... 7500+ tweets?

Did I miss anything?