With cybersecurity experts taking center stage this week at the Black Hat conference in Las Vegas, the world is watching for the release of the latest breakthrough research, development, and trends. Paula Greve, a principal engineer leading the data science team within McAfee Labs, is on the front lines of cybersecurity defense. As the industry gathers at this crucial time, she answers five questions about her job.
Why did you pursue a career in data science?
Solving puzzles. Detecting patterns. I get a thrill from making sense of the seemingly unconnected.
I always wanted to do something meaningful with my Computer Science degree. And then when I was approached by a security firm out of college, I was hooked on the challenge of staying one step ahead of the attacker. Then, with the arrival of big data and the maturity of machine learning, the challenge only grew and upped the skills required. But I fell into it by accident, which is why I’m also passionate about showing young people what an impactful role they can have in cybersecurity and by pursuing a career in STEM.
Today, I can’t imagine doing anything other than searching for possible weaknesses before an attacker exploits them alongside a team of the good guys at McAfee.
What does a typical workday look like for you?
My morning kicks off with an online sync-up meeting. Unless there is a major security breach, massive new threat or other emergency, I spend some time reviewing the latest internal and external news from security researchers.
From there, the bulk of my workday is spent with other researchers investigating whether product features and capabilities are staying ahead of the cybersecurity threats. These meetings are also when we plan for the future, answering questions such as how do we scale the system to handle the new amount of needed data (which is always growing!), how do we ensure our data is protected, what missing data from our point products or from our threat intelligence sharing activities do we need to collect, and how should our products and technologies evolve to address the new threats?
But if a major incident breaks out, such as with Petya or a WannaCry, it is all hands on deck. We immediately work the problem as a greater team. One team assembles the kill chain of the attack. They feed their data into my team and we validate what we see and its relation to the kill chain. What geographies are experiencing this outbreak? When was the first evidence? What were our protection capabilities on day zero as it relates to the kill chain? Is the attack evolving or resolved? We work quickly with our product, sales and marketing teams to make sure our customers are protected or know what they need to do to get back to what we call a “known good state” as quickly as possible.
What keeps you up at night?
Knowing that if something slips through the cracks, someone else will have a very bad day. We spend every hour protecting people worldwide from over 600 million pieces of malware, seven million types of ransomware, and a wide range of other attack types. So, every day I reflect about how I can do better, how my department can do better, and how we can help our customers do better.
What’s the best part of your day at McAfee?
Working with a talented and passionate team. We all recognize how important our work is and we’re constantly sharpening our skills by sharing knowledge, exchanging insights and exploring new tactics. The pace at which technology evolves is also exciting. We’ve developed new ways to classify threats using machine learning. When a new threat comes in we can test our models against it and assess its effectiveness. Using machine learning we can enhance our models and learn quickly about the best approach.
I also enjoy carrying out my own investigations and digging into the data over the course of the day. I love working out how it all fits together, reviewing anything we may have missed, studying anomalies and collaborating with other researchers across the globe, to be able to make assessments about areas of concern. This allows our product teams to develop the tools and technologies needed to combat these threats.
In the end, the best part of my day is knowing that by applying my skills and experience, I play my part in keeping our world safe!
What behind-the-scenes insight can you share?
The threats keep coming. There is too much for any one person to keep track of. I generally collaborate with my fellow McAfee researchers – dedicated URL researchers, file researchers, threat intel researchers. But because of the changing landscape, intelligence sharing and collaboration across boundaries are now essential components of cybersecurity. McAfee has expanded the spheres of collaboration beyond just our internal team to encompass customers, external threat researchers, other security vendors, law enforcement organizations, and government agencies. More recently, we helped found the Cyber Threat Alliance, a group of cybersecurity practitioners working together to share threat information and improve defenses.
After all, Together is Power.