Becky Bace
Pay no attention to the (uppity) woman behind the curtain…
Hi, my name is Becky, and I’m a security lifer. I’ve been offered the opportunity to initiate and, over time, carry on a conversation with the members of the New York chapter of ISSA. It’s my privilege to accept this kind offer and this missive is intended to introduce me to you.
I was first labeled a “security lifer” about 25 years ago by several members of the group who are responsible for seminal work in information security. In particular, the venerable security greybeards James P. Anderson and Robert Abbott were my mentors and gave me my “lifer” label. I entered the realm in the mid 1980s as a programmer and systems engineer with the National Security Agency, and found my life’s calling in the late 1980s when I transferred into the research group of the National Computer Security Center. There, I assumed responsibility for the intrusion detection research program. I chose to coordinate the multiple discrete IDS research initiatives scattered across the intelligence community and Defense Department, pulling them together into a national research community that produced technology that was successfully transferred to the commercial realm. I’m especially proud of the early academic programs that were funded by my program, and the power of the community that formed around the mission area. As encores to this tour of duty, I served as deputy CISO for the computing division of the Los Alamos National Laboratory, where I learned to respect the expertise and dedication of security officers and their staffers.
A series of serendipities put me on the road to Silicon Valley in the late 1990s, where the dot com boom was in full force. I formed a consulting practice there and worked with customers with a wide range of security needs. I also wrote a book on intrusion detection which allowed me to document the lessons learned in leading the community in the 1990s. The book reflects one of the themes of my career – in researching the history of computer security-related technology, I realized how much really good work had been done -and promptly forgotten – in the area.
Another serendipity resulted in my joining the venture capital world of Silicon Valley when the convergence of the dot com bust and the events of September 11, 2001, made the commercial viability of the security products industry a reality. In my eight years with Trident Capital, my team underwrote many successful security technology firms, and I learned more about the successful transfer of good technology to commercial product and service markets. In 2009, I took a year out to work with In-Q-Tel, the investment arm of the intelligence community, where I helped them build a new security investment team. At the end of that year, I returned to private practice, where I focus on strategic issues associated with the cyber security and related realms.
What can you expect from this column? I’d like it to represent a mix of commentary on events of the day, news of developments that might be helpful as you tackle a pressing issue, and perspectives on fellow community members who take on noteworthy efforts. As I very much want this to be a conversation, I’d welcome your comments and requests. Here’s to a productive experience for us all!