Katie Boswell on AI security and women’s rise in cybersecurity
Katie Boswell spent years on the front lines securing the most critical national infrastructure in energy and life sciences. Yet, earlier in her career, she was told that senior leadership was not for her if she planned on becoming a mother. Despite early gender-based criticism she persevered and now, her experience puts her in the ideal position to discuss reinforcing the security and resiliency of systems and infrastructure.
She spoke with the Left to Our Own Devices podcast about what we can expect for tomorrow’s cybersecurity workforce and what she’s doing to help raise the position of women in cybersecurity roles. As a leading voice in AI security, Katie shed some light on how encouraging women to join the cybersecurity revolution today is helping secure the products of tomorrow.
The future of AI security
Today’s AI revolution is continuously swelling with new ideas for commercial and personal use. However, integrating these new models into new industries also introduces a lot of risk to these robust systems.
“AI has been brought into the mainstream – and it will be everywhere. OT systems are very challenging. In the US, we have regulations for utility organizations alongside grid modernization programs, where we’re thinking about how to move energy safely and efficiently,” said Katie. Regarding AI, she continued, “It’s everywhere, and it’s not industry specific. It will truly change the way we work day to day.”
This puts extra strain on organizations as they embrace AI in their day to day operations but struggle to fill their cybersecurity employment gaps. One thing is clear, the growing popularity of AI requires the product security world to make even more adjustments to their security strategies, including looking for new ways to recruit rising young men and women who can address the challenges of tomorrow.
How to keep up with security without getting in the way of rapid innovation
“Innovation is why we’re in technology, right?” Said Katie. However, the other side of that is acknowledging that threat actors are continuously innovating as well.
Manufacturers of mission-critical devices must ensure uninterrupted uptime, allowing them to patch, mitigate, and update products’ cybersecurity posture. “KPMG recently spun out a product called Cranium. Cranium is going to give organizations real-time visibility into what’s happening with their AI models as well as providing the accreditation of their security,” Katie adds.
As the EU begins demanding greater transparency into AI models, we plan to see a demand for more in-depth SBOM management to identify vulnerabilities between components, product lines, and business units– as well as understand how specific models are trained. One thing that can provide peace of mind for people, organizations, and governments looking to protect themselves and others is compliance certificates. This can only be achieved by understanding and standardizing AI models and systems with access to confidential data.
As some models are trained on unrecognized bias towards women or other groups, it’s important to have female engineers on the front line preventing drift and keeping the algorithm focused.
“We’re catching up with how we’re going to govern and maintain AI in the face of new and evolving risks,” Katie adds.
Mitigating security concerns amid the rising popularity of AI and machine learning
With countless different use cases in the news every day, the goal is to establish trust in AI systems. Ultimately, AI security is a combination of understanding how you are using AI models, what happens with them after they go into production, and what security measures you’re relying on.
AI has been used in precision medicine and critical infrastructure support for a while. Now, as AI expands into other industries like wildfire, manufacturers of connected products are still struggling to understand what exactly is inside their product software. More importantly, they need to understand the risks associated with not knowing.
“Security experts need to understand the overall AI lifecycle and how AI models work and that those conversations are only really just starting to happen in some organizations, especially those who are newer getting involved with AI,” said Katie.
Emphasizing the need for businesses that are new to AI to define specific frameworks to their needs, industry, ecosystem, and available tools, Katie continued, “NIST, for instance, has an AI risk management framework. MITRE has an Atlas knowledge base. Those tools are powerful when they’re applied thoughtfully. That’s going to make a big difference.”
How to secure AI systems during the development process
Organizations should understand that secure design processes need to be implemented early on. This requires collaborating with other teams.
Security professionals must collaborate with data scientists to better understand the diverging security concerns, privacy identity, access management, and information protection. Both data scientists and security need help identifying whether a model will require sensitive data and where that data will reside both in development and production. All of that needs to be considered to have a robust AI ecosystem.
“Security teams need to understand the AI life cycle and to provide recommendations to data scientists to ensure that data and AI models stay secure.
The world of an AI tomorrow
One thing we can be sure of surrounding AI is that we can’t even begin to imagine where they technology will take us in 10 years, 20 years, and beyond. To ensure it’s full potential is harnessed by organizations, companies must create spaces for new ideas to flourish within their organization, no matter the source.
While Katie Boswell found herself as an IT manager in Manhattan at the age of 19, she realizes that many women tell themselves they are not qualified if they don’t meet all the criteria of a job listing. At the same time, women increasingly applying for jobs they know they are capable of is a step for women of to today to increase their numbers in teh world of cybersecurity.
Katie encourages women to look at their overall accomplishments and not be afraid. “I encourage women to stretch goals and put themselves out of their comfort zone. Get connected. Grow your network. All of the opportunities that were presented to me were there because I had a network of people willing to bring me in. And I wasn’t afraid to take on new challenges. But above all, don’t be afraid to say, hey, I’m interested in that. I wanna give it a try,” she said.
The way we see it, our future may just depend on it.