Interview with Marie Moe, research scientist at SINTEF ICT and Security Diva at Honeynet Workshop in Stavanger
17 May 2015 Roberto Tanara workshop
Marie has a Ph. D. in information security and is passionate about incident handling and information sharing. She has experience as a team leader at NSM NorCERT, the Norwegian national CERT. Marie also teaches a class on incident management and contingency planning at Gjøvik University College.
What was your motivation to enter Information Security field, and who inspired and helped you along the way?
I didn’t intend to become an infosec professional, I just let my interest, talent and curiosity lead me along the way. When I started university I chose maths and physics because I had been to an educational fair and talked to a cool lady with a degree in bio-physics who did research on how to cure cancer. Then I discovered that I had more talent and interest in mathematics than in physics and I ended up doing my master thesis on algebra and crypto-analysis, which was really fun! A very inspiring professor in algebra, prof. Idun Reiten, was one reason that I went in that direction. I wanted to do a Ph.D., but not in abstract algebra as that quickly became a little bit too abstract for me. I was then lucky to get a Ph.D. position at the Telematics department doing infosec research, and that was what brought me into this field.
How do keep yourself motivated in this line of work and how do you handle the competition & failures?
I have a strong inner motivation to learn new things and to take on challenges. If someone gives me the choice between two tasks I will always go for the more difficult task. My career so far has taught me how little I know and at the same time how to gain access to the know-how that’s needed. I love to collaborate with others and to be part of a strong team. As a woman in a male-dominated field I have the advantage of standing out and being noticed, this can of course go both ways. Sometimes it can be fun to surprise people that have a certain perception about women in IT, other times it can be boring to always answer to the same questions and misconceptions.
Why is Global Honeynet Project important and why should people support this cause?
The Honeynet Project aims at making the Internet a more secure place by learning about attack methods and developing open-source tools, what is not to like about that?
What is your talk about and why people should join the event?
My talk is about incident handling, with the perspectives from a national CERT focused on combating digital espionage.
What Security issues are being exploited and how to counter them?
Technical, organisational and human vulnerabilities are being exploited by a wide range of attackers. To counter this we need to build security in to our systems and processes in all these aspects. This is a very challenging task and that is why we should also be focused on detecting and responding to incidents. Collaboration and information sharing is also a very important part of this, we need to stand together as a security community to be able to face this global threat.
How does your talk impact today’s security scenario?
I hope to give the audience some new insights into incident response based on lessons learned from various intrusions where NorCERT had a role in the incident coordination.
What are your suggestions for upcoming professionals?
Work hard, stay curious, join the security community and do not be afraid to engage into conversations and ask “silly questions”.