Katherine Cancelado is a cybersecurity consultant with over 3 years of experience in penetration testing, vulnerability assessment, and incident response. She has an MSc in Cyber Security and certifications in system security and digital forensics. The document discusses cybersecurity and privacy risks women face online due to their underrepresentation in cybersecurity fields and management of personal data. It provides tips for protecting personal information at home and work such as using encryption, anonymizing internet use, and securely disposing of unused data. The agenda covers women in the workforce, online risks, privacy and data protection, mitigation strategies, and takes questions.
2. About me
Katherine Cancelado
Consultant, Cyber Risk Services, Deloitte Dublin
Tel: +353 1417 5723
Email: kcancelado@deloitte.ie

Katherine is a Computer Science and Information Security professional. She has always been interested in technology, with a particular focus on cyber security over the last decade. She has over 3 years of professional experience in penetration testing and vulnerability assessment. Additionally, Katherine has over 3 years of experience as a network analyst and threat content creator, and very recent experience in incident response for a multitude of global companies.

Katherine lectured “Cyber Security” at Javeriana University, Colombia, and has participated in numerous infrastructure and application penetration testing assignments, including:
• Several web and network penetration tests for global organisations and financial services within South America, the United Kingdom and Ireland
• Perimeter threat content creator for an American company in Colombia and the United Kingdom
• Penetration testing, vulnerability assessment, incident response and forensics in the financial sector of a “Big 4” firm
• Networking and system administration for an American company in Colombia

Qualifications
• MSc in Cyber Security from “Universidad de la Rioja”, Madrid, Spain
• B.Eng. in Computer Science & Engineering from “Universidad Pontificia Bolivariana”, Santander, Colombia
• Systems Security Certified Practitioner - (ISC)²
• Certified Digital Forensics Analyst - REDLIF

Main industries
• Banking, Financial and Insurance Companies
• IT and Telecommunications
• Education
3. Agenda
• Women at work
• Risks on Internet
• Privacy, Cybersecurity and Data Privacy
• What can you do?
• Questions
• References
5. Women at Work
According to the United States Bureau of Labor Statistics, 46.8% of professional positions are held by women [1].
The table [2] below shows the percentage of women employed in each professional sector.
Cyberjutsu [3], a non-profit passionate about helping and empowering women to succeed in the cybersecurity field, also offers an interesting statistic: only 11% of the information security workforce are women.
The problem is not just that women’s representation in computer science related subjects is low. It is that, sometimes, a lack of computer and information security awareness leaves women vulnerable to cyber attack.
Therefore, driving the conversation around cybersecurity and privacy has never been more important for ourselves and our female peers.
In the end, no matter what our role is, the data we look after and manage is what makes us an ideal target.
Professional occupation                                  Women
Medical and health services                              73.7%
Human resources                                          73.3%
Social and community service                             67.4%
Education                                                65.7%
Public relations and fundraising                         59.2%
Advertising and promotions                               53.6%
Lodging                                                  53.5%
Property, real estate, and community association         50.9%
Financial                                                49.6%
Administrative services                                  47.7%
Food services                                            47.1%
Purchasing                                               44.8%
Marketing and sales                                      43.2%
General and operations                                   27.6%
Computer and information systems                         27.2%
Cybersecurity                                            11%
[1] https://www.bls.gov/cps/cpsaat11.htm
[2] https://www.bls.gov/opub/ted/2016/39-percent-of-managers-in-2015-were-women.htm
[3] http://womenscyberjutsu.org/
6. Information we manage
The information we hold:
Personally Identifiable Information
PII is any information that can be used to identify a person; for example, your name, address, date of birth, national insurance number, and so on.
Protected Health Information
PHI is defined by the Health Insurance Portability and Accountability Act (HIPAA) and comprises any data that can be used to associate a person’s identity with their health care.
Financial Information
Banking/ transaction history, credit rating.
Sensitive information
National Insurance Number/ PPSN, driving licence, financial accounts, medical information, electoral record.
7. Information is money!!!!
According to the Breach Level Index [4], data records have been found to be lost or stolen at the following frequencies:
Every day: 4,504,712
Every hour: 187,696
Every minute: 3,218
Every second: 52
Even worse: only 4% of these breaches were ‘secure breaches’ (encryption was used and the stolen data was rendered useless).
[Chart: Data Records Stolen or Lost by Industry, with segments for Technology, Other, Retail, Government, Financial, Healthcare and Education]
[4] Data Breach level Index http://breachlevelindex.com/
9. Risk on Internet
Risk: the likelihood of “something bad” happening and causing financial and/ or reputational damage.
Social Engineering
• Identity theft
• Phishing
• Fraud
Trojan websites
• Websites that appear to be something they are not: phishing websites
• Obfuscation, masking, iframes, clickjacking, injections
Malicious Software
• Viruses
• Spyware
• Adware
File sharing and privacy
• Information overshared
• Peer to Peer (P2P)
• Torrents
11. What is Privacy?
[5] Privacy International – What is Privacy? https://www.privacyinternational.org/node/568
12. Cybersecurity and Data Privacy
Cybersecurity is the combination of good practices, tools, concepts and measures taken to protect a system, platform or person.
“Privacy is a fundamental right, essential to autonomy and the protection of human dignity, serving as the foundation upon which many other human rights are built.” [5]
Cybersecurity and data privacy are not the same, but they should always go together.
14. What Can You Do?
Personal information is like money: value it, protect it.
• Common sense
• Share with care
• Anonymise your Internet use
• Check secure browsing
• Classify your data
• Examine privacy policies
• Uninstall unnecessary software
• Use encryption
Not everything is visible! Remember that the Internet is an extension of our “real” life.
15. What Can You Do At Home?
Share with care
Do not reveal personal information unnecessarily. Terms & Conditions may not apply to you. ;-)
Classify your data
All data is not equal. Treat different life streams separately: home/ work, spouse/ children, private/ public.
Anonymise your Internet use
Stop sharing your location and using add-ons. Connect anonymously.
Uninstall unnecessary software
Bloatware, pre-installed or add-on software (e.g. toolbars) usually contains unwanted processes and should be removed.
Secure browsing
Regularly clear your browser history and cache, and check for secure connections (HTTPS).
Common sense
Always be aware of your actions; a single click or tap can have serious consequences.
16. What Can You Do At Work?
Do not take work home
Physical and digital work assets are a target outside your place of work.
Remove unused software and services
Limit use of software and services to essentials.
End-to-end encryption
Ensure all endpoints of electronic communications are encrypted to mitigate man-in-the-middle attacks.
Document / record everything
Ensure there’s a paper trail in case something goes wrong.
Data retention
Comply with the law, but ensure useless data is destroyed. Think GDPR.
Security awareness
Give the appropriate cybersecurity training to your employees, and ask about your data management expectations.
17. Questions?
“The art and science of asking questions is the source of
knowledge” - Thomas Berger