CyberWire Daily - Susan Hinrichs: The cross between computer science and security. [chief scientist] [Career Notes]
Episode Date: October 15, 2023Susan Hinrichs, Chief Scientist at Aviatrix sits down to share her story, with over 30 years in experience spanning a variety of networking and security disciplines and has held leadership and acade...mic roles, she sits down to discuss her amazing career. Earlier in her career, Susan served as System Architect at Cisco where she spent nine years designing and developing Centri Firewall and a variety of network security management tools. She worked as a Lecturer, Computer and Network Security for eight years at the University of Illinois at Urbana-Champaign (UIUC) where she developed a hands-on Security Lab introduction course for students in her first year, and later in her tenure, along with two colleagues, created a malware analysis course designed for senior students. With all of the amazing things she's done in her career, she shares the advice to new comers into the field, saying "I think also as you're trying to get that next job either as a student or as a professional trying to change direction a little bit, if you're coming into interviews being able to talk about a project that you worked on, even if it's not a project that really anyone uses, but if it's something that's interesting that you have in depth understanding of, uh, I think is super valuable to get you noticed." We thank Susan for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Thank you. My name is Susan Henricks.
I am chief scientist at Aviatrix.
When I was little, I wanted to be a teacher
because that's what my mom and my grandmas were.
And computers weren't really a thing.
My mom was very excited when she got her first TI calculator.
So, but when I hit junior high school, you know, the apples were starting to come out.
And there was one at the town library kind of poked around at that a little bit.
But by the time I was in high school, I had
gotten some connections with folks at the University of Illinois and was able to work on
their Play-Doh system. I grew up in a small town next to University of Illinois, so that was quite
fortunate. It wasn't really until I got into high school that I got some opportunities to work more with technology and kind of the emerging computer software revolution.
Went on to the University of Illinois and studied computer science.
That was a really great opportunity,
but I did feel kind of uncomfortable coming in without that
because a number of the other folks coming into computer science
did have experience with the early Apples or Trash 80s
or breaking into their video game systems.
But it was all great.
Certainly, I think it's good maybe if you have some knowledge coming in, but it's certainly at the time, and I don't think it now either is really a requirement because we all come in from different backgrounds and you get introduced to different things at different times.
I was able to get a job for about nine months in a local security operating system company called Atomax here in town.
Doing writing test systems for SecureOS, which for government accredited security systems, testing is a super huge component.
And also then working a little bit towards the end with some of the actual feature development.
And from then I went on to grad school. I went to Carnegie Mellon for grad school and ended up working on parallel
systems there in architecture. So kind of diverting, but that's how I got started into
working with networking from that aspect of parallel systems.
systems. When I graduated from Carnegie Mellon, the market for distributed systems, distributed memory parallel systems more specifically, was kind of soft. So I had a postdoc opportunity,
but then I also had a connection back from the security company, AtomX, that I had worked with in between undergrad and graduate school.
And he had started a startup company that was concentrating on network security.
And so that seemed really exciting.
So I took an opportunity with Blue Ridge Software at the time and started working with them.
We're Blue Ridge Software at the time and started working with them.
And we pivoted and started looking at making a firewall to work in the Windows NT stack.
And Windows firewalls were a huge thing at the time because networking was just coming on to Windows systems.
And the Windows systems network stack you would get from a third party,
and all of them had some rather obvious flaws.
So having a firewall to kind of prune out those obvious attacks was a huge thing.
In the meantime, our company had gotten the attention of Cisco Systems.
They ended up acquiring us. So we stayed at Cisco or I stayed at Cisco for
seven years or so. But eventually Cisco decided to, we had an office here in Champaign and
eventually Cisco decided that they wanted to close smaller offices and I wasn't ready to move to California. So my husband and I started a
consulting company called Network Geographics, which we ran for a while. And I also took a
part-time position at the University of Illinois teaching computer security and networking and computer security. During our consulting work with my husband, we started
working with an open source product that had been open sourced by Yahoo called Apache Traffic Server.
And so as part of that, we became committers on the project. And eventually we asked if Yahoo
would be interested in hiring us to do some consulting
and they said well no we don't really do consultants but hey we see you're in Champaign
and we have an office in Champaign we would just like to hire you and so we did that for a few
years and the first manager and the person who actually had recruited us to Yahoo is my current boss, actually.
He eventually wandered off and went off through Google,
and then eventually he became attached to Aviatrix.
And so he came back and reached out to me to say,
hey, are you bored at Yahoo?
Would you be interested in coming and doing something new and exciting?
So I joined up with Josh, my former manager, and been having a grand time here at Aviatrix.
I think it depends on how you think about things.
But for me, being able to be hands-on and try things has been very valuable for me to figure out what is good
and interesting and to really get a deep knowledge of how things work.
And I think also as you're trying to get that next job, either as a student or as a professional,
trying to change direction a little bit. If you're coming into interviews,
being able to talk about a project that you worked on,
even if it's not a project that really anyone uses,
but if it's something that's interesting
that you have in-depth understanding of,
I think is super valuable to get you noticed.
So there's, I guess, you know, the software that you've created, although software is pretty transient these days.
One nice thing about open source is that I think your software contributions maybe live on a bit longer than you would in a completely proprietary system.
I've had a number of students, as I mentioned, that I've interacted with over the years.
And I kind of can look in LinkedIn and see what they're doing, how they're changing the world.
But also people who I've worked with at various companies who have mentored me or who I have mentored, just knowing how they've affected me and how I've possibly affected them,
that is probably the thing that will survive beyond the end of my career longer. And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365 with Black Cloak.
Learn more at blackcloak.io.