The Cybersecurity Speakers Session, organized by the Singapore chapter of Women Who Code (WWCode), took place on 9th July 2019 at Ground Labs’ Singapore office. The event offered a chance to hear from influential speakers on the subject of cybersecurity, privacy and personal data protection in today’s digital world.
Choong Yue Lin – Director of Women Who Code Singapore Network – kicked off the event by introducing WWCode, a global non-profit organization with a mission to inspire women to excel in technology careers. WWCode has a special hashtag, #ApplaudHer, used to celebrate and acknowledge professional accomplishments of WWCode members. Yue Lin thanked Ground Labs for their support and invited Steve Cavey – Co-Founder of Ground Labs – to say a few words. Steve welcomed all guests and said it was an honor to host the event, praising WWCode as an “awesome movement”. Steve shared that Singapore was “Ground 0 where all the magic happens” as the bulk of the engineering team was currently based in Singapore, and encouraged guests to approach the team if they wished to learn more about Ground Labs.
Magda Chelly, Ph.D – Managing Director at Responsible Cyber Pte. Ltd., CyberFeminist
This session was about “Why Cybersecurity Matters to Developers?”. Magda asked the fifty-strong crowd a question: What does Cloud mean? “A computer or a server connected to someone else’s network” was a suggestion given. Magda prompted the audience to question who they trusted the most, and if a third party’s computer or server could be a trustworthy equipment to ensure the security and privacy of their digital assets? “It might be”, she stated. However, cloud security is a shared responsibility model, where the user also needs to understand his / her responsibilities.
Magda pointed out that Privacy and Security By Design (PSBD) needs to be embedded throughout the software development cycle. She stressed on the importance of the three pillars of Cybersecurity: People, Process and Technology, which need to be addressed for an efficient cyber strategy. She explained the importance of getting the fundamentals of Cybersecurity right, starting with secure coding practices from developers. Magda described Open Web Application Security Project (OWASP) Top 10 security controls as practicing basic hygiene, and did not constitute sufficient security measures. Additional security vulnerabilities that an application might be exposed to (e.g. user access privilege escalations) meant that the developers also needed to understand the business logic and data flows of the application itself in order to spot potential vulnerabilities that could be exploited by hackers and cybercriminals. Magda reiterated the need to have the right fundamentals to code an application that was resilient to attacks to ensure the confidentiality, integrity, and availability of data. She also described the importance of external testing, or penetration testing, before launching an application into production.
Before ending her session, Magda encouraged all the ladies in the audience to sign up for the Capture-The-Flag (CTF) for Girls event in Singapore, the very first hackathon for girls in Singapore.
Magda’s website: https://www.linkedin.com/in/m49d4ch3lly/
Ben Dechrai – Technologist, Developer Evangelist at Auth0 Inc.
Ben, a supporter of the WWCode movement, had flown in from Australia to be part of the event. His session, titled “Beyond Default CMS Logins”, comprised of a live demo using the Auth0 plugin to ramp up the security for WordPress where security traditionally has been a challenge, particularly when multiple WordPress plugins are used. A common problem for developers was achieving single-sign on, multi-factor authentication flows while meeting password complexity requirements in a short turnaround time. Using an authorization platform such as Auth0, different authentication flows could be configured easily within Auth0 without a single line of code change from developers, allowing developers to focus on making the (company’s) product better. Ben demonstrated how to use the Auth0 Management API to setup the Auth0 API as the identity manager for an application.
Ben’s website: https://bendechrai.com/
Alice Ou – Senior Software Development Engineer at Ground Labs Pte. Ltd.
It was fitting that Alice talked about “Personal Data Protection in Today’s World”. Alice shared a staggering statistic where more than 14 billion data records have been breached since year 2013, with only 4% of those incidents being Secure Breaches where data was encrypted. Data security breaches can cause extreme negative impact on individuals, including life threatening situations if an individual’s health data was manipulated. Lack of data protection measures also impacted an organization’s reputation, as demonstrated when an American credit rating agency downgraded a well known publicly listed data analytics and technology company from a stable to negative rating outlook due to the company’s cybersecurity issues. Alice noted that data security issues were so critical today that governments across the globe have started enforcing data protection legislation (e.g. GDPR, CCPA, PDPA etc…) to ensure organizations better protect customers’ data privacy and security. Alice discussed the most common causes of data breaches, with hacking, malware, and physical attacks identified as the top three causes. To avoid physical attacks, Alice’s advice was to be vigilant, strengthen your body with regular exercise, and to run away as fast as you can! Alice recommended fellow developers to adopt secure coding practices, including heeding compiler warnings instead of disabling them, perform code reviews, and applying the principle of least privilege. Alice closed with an image of a car park barrier in the middle of the street, with snow marks revealing how cars just drove around the barrier to avoid hitting it. The image nailed the point of Alice’s sharing: it is essential to implement truly secure systems with security measures that cannot be circumvented by users, instead of using a system that appears secure but contains vulnerabilities that can be easily exploited.
It was a great sharing session which would not have been possible without the dedicated organizers at WWCode, and the hospitality of Ground Labs, who also provided tasty refreshments for the event. Sarah Qin, a System Analyst, said the session was very informative. Deborah Cai, a DevOps Engineer, shared that it was an interesting session and looked forward to similar events in the future.
A quick video of the event highlights is available on YouTube:
- Women Who Code: https://www.womenwhocode.com/singapore
- Women Who Code Events: https://www.meetup.com/Women-Who-Code-Singapore/events/
- Responsible Cyber Pte. Ltd. (Magda Chelly): https://responsible-cyber.com/
- Auth0 Inc (Ben Dechrai): https://auth0.com/
Ground Labs is a sensitive data discovery software company with a mission to help companies of all sizes avoid being the next data breach news headline.