From the course: DJ Patil: Ask Me Anything
How do you expose holes in cybersecurity?
From the course: DJ Patil: Ask Me Anything
How do you expose holes in cybersecurity?
(upbeat music) - [Interviewer] If you were to start from scratch, rebuilding someone's data security protocol, what are some things that you feel absolutely need to be in place? - So one of the things that we're working on right now is what does it look like to actually build these systems knowing that somebody is always trying to break in or attack? These systems were designed from a premise of almost utopia, of like, people are all good, the intent is good. It wasn't really thought about like, well, how's a bad person going to abuse this? How are people gonna break it? So we have to rethink that paradigm. One of the things that is in there is this question of when you're building one of these products, of actually going through what's called a red teaming exercise, which is saying, okay, let's pretend we're the bad guys and let's see what happens. There's a version of this that companies do right now, which is called bug bounty programs, and a bug bounty program is you say, hey, let's invite people to come in and attack us, and if they can break in, we give them a bit of money for their efforts. So, we set up a version of this, by the way, at the Pentagon, and we asked, hey, let's go get some of the best hackers out there. If you want to come and try to attack the Pentagon, come on at it, see if you can hack the Pentagon. The program was literally called Hack the Pentagon. To which you can imagine what the lawyers first said, is you want to hack the Pentagon, and you want to invite the world to hack the Pentagon? We said yes, and so the first answer was like, well, if you invite these people to hack the Pentagon, then the bad guys are gonna go figure out how to hack the Pentagon. Well, the answer obviously is they already know. So we got this program off the ground with Secretary Carter, and guess how long it took for the first vulnerability to be filed? Minutes, about 13, 17 minutes. Well, one of the people who filed six vulnerabilities was this kid who literally was taking a break from studying for his AP, his advanced placement computer science exam, took a break, and was like, hey, I wonder if I could break into the Pentagon. And found six holes. So how does this happen? Well, you have one system talking to the other system, updates, you've got these layers and layers. Some systems are really old, some are new. They don't necessarily know how to talk, so you've got this patchwork, and that patchwork is invisible. It's sort of hidden in digital layers. And so the only way we know right now is to invite people in to say, hey, look, did you find something? And this is a paradigm that's taking off. But there's a broader point in what you're saying, is we don't even know what data we're giving up. You know, in the terms of service, you get this long, giant legalese. It's not really helping you explain. You don't get to say well, maybe this, maybe not that. We haven't had that discussion of what appropriate use is. We're starting to, because rules are being put in place by certain countries. The EU has what's called GDPR, California has just passed a ruling, but more of that's happening, but that's a discussion that is coming pretty late in the process. (upbeat music)
Contents
-
-
-
What were you like as a kid?3m 17s
-
How did your parents influence you?1m 55s
-
How did you navigate college?4m 7s
-
What are some fond memories from grad school?2m 45s
-
How can we foster learning for everyone?5m 9s
-
What's the importance of learning liberal arts?2m 30s
-
What advice do you have for job seekers?3m 23s
-
How did data science come about?4m 8s
-
What does it take to be a data scientist?4m 1s
-
Why is apprenticeship important?3m 41s
-
How can a data scientist influence policy?2m 20s
-
How can I prepare for data science in college?4m 56s
-
How can hackathons benefit me?1m 30s
-
How did you use data in grad school?2m 15s
-
How is data used in the US?3m 55s
-
How is data used worldwide?1m 38s
-
How do you expose holes in cybersecurity?3m 32s
-
How can we educate people about hacking?2m 30s
-
What are the real threats to personal data?4m 6s
-
Should we focus on media headlines?1m 39s
-
How can we educate people about data use?3m 34s
-
How can people fight for data privacy?2m 46s
-
What's the role of the data scientist in 15 years?4m 30s
-
What are you working on currently?3m 31s
-
How can we make data secure?3m 26s
-
How to serve the people with data science?1m 47s
-
What's the difference between wisdom and experience?1m 54s
-
How do you advocate for science?2m 3s
-
What is the role of AI in today's world?2m 54s
-
What's an example of ethical hacking?2m 9s
-
How do you bring data science into the workplace?2m 29s
-
What is the role of AI in human resources and recruiting?3m 3s
-
What are tools every data scientist should own?2m 44s
-
Is there a data science code of ethics?4m 6s
-
What are AI threats in the cybersecurity world?4m 38s
-
How can data scientists better inform the general public?1m 30s
-
How can people participate in data science?2m 31s
-
Why do people fear a machine revolution?2m 18s
-
How can data inform healthcare?1m 31s
-
Why should we democratize data?2m 14s
-
How are you advocating for science?3m 9s
-
Why is the march for science important?3m 42s
-
What is AI?1m 37s
-
What is an example of robust machine learning?4m 31s
-
What is AI's place in healthcare?3m 29s
-
How can AI impact clinical trials?3m 22s
-
How can a data scientist be best leveraged for business?1m 28s
-
What does a data science team need to thrive?2m 56s
-
What are the pros and cons with AI in HR roles?3m 27s
-
What should be in a data scientist's toolbox?3m 23s
-
What makes up a good data science team?2m 3s
-
What new projects are you working on?2m 51s
-
What data science projects are you working on?1m 40s
-
How can AI and machine learning (ML) help cybersecurity?3m 54s
-
How can governments fight back against AI attacks?3m 5s
-
What can the public do to protect against AI attacks?1m 14s
-
What are neural networks (NN)?2m 8s
-
What's the difference between ML and NN?1m 42s
-
Do you have a favorite machine learning technique?1m 7s
-
How does the Internet of Things work?1m 38s
-
What is a connected city?3m 3s
-
What is the fear associated with data?2m 30s
-
How can we address the fear of machines taking jobs?3m 20s
-
What about job loss due to AI?1m 43s
-
What's the reality of bringing back jobs?1m 50s
-
What is a scientific process for data science?2m 46s
-
What is your tip for not getting overwhelmed by big data?1m 40s
-
How do you accept that you're not going to know stuff?2m 38s
-
What is a dynamic range?2m 1s
-
When does data leave holes?3m 8s
-
How important is diversity on a data science team?2m 13s
-
How does data influence people's emotions?4m 15s
-
How do you train yourself to be intellectually curious?2m 20s
-
How do we empower people to foster dialogue?3m 33s
-
What is your philosophy on leadership?2m 56s
-
How can a company retain employees?3m 42s
-
How do you cultivate employee development?3m 18s
-
How do you identify algorithmic biases?2m 46s
-
Can you describe the process of ethical testing?2m 46s
-
How do you feel about machine learning for business decisions?1m 52s
-
Can you talk about your book?4m 10s
-
What are possible solutions for displacement?2m 23s
-
What impact does technology have on the US economy?3m 2s
-
Can you discuss the future of intelligent things?3m 26s
-
What are the current issues with data collection?2m 10s
-
How is technology changing human expectations?1m 7s
-
Wrapping up1m 5s
-