McMaster Women in Tech: Marissa Benson
Marissa Benson is the November 2020 changemaker in the McMaster Women in Tech series. Developed by the Office of the AVP & CTO, ‘McMaster Women in Tech’ is a project that highlights and recognizes women tech changemakers within the McMaster community. Read how our latest changemaker merges psychology and IT security, shares cyber security tips and the importance of mentorship.
Name: Marissa Benson
Role/Current areas of work (both volunteer & career):
I am currently a Senior Systems Administrator on the Information Security Services team. I have worked in University Technology Services (UTS) department at McMaster University for the last 8 years.
I also volunteer with Women in Cyber Security (WiCYS) as a mentor and am a civil rights advocate (children’s online privacy, BIPOC and LGBTQ+ issues and people experiencing homelessness).
Area of Expertise:
- Vulnerability management
- Threat Intelligence
- Incident response
- Compromised accounts
- Malware analysis
Burning by Maggie Rogers
Podcast: Unlocking Us by Brene Brown
Book: “Data and Goliath” by Bruce Schneier
Remaining calm and focused in a crisis. Seeing connections between events and their root causes.
What encouraged you to pursue a career in IT Security
I have always had a passion for technology. While I was pursing my undergraduate degree in psychology and minoring in computer science, I worked in the IT department doing technical support for the staff and faculty.
It was during that time that I realized my love for technology as a career option. However, after graduating, I started working in the mental health field as a Counsellor. Though it was rewarding to work in that field, I knew that something was missing. I eventually went back to school and studied computer programming.
I have been in the field of information technology for almost 20 years now, and I’m so fortunate to have the opportunity to merge my two interests in cyber security.
Before joining UTS in 2013, I worked in both the private and public sectors. I was a Senior Technical Specialist at RIM/BlackBerry and a Systems Administrator for the Government of Ontario. Now, I have been working for McMaster for 8 years and was mentored by Paul Muir, Information Security Services Manager, and Alex Alvarez, Systems Integration Specialist, who both helped shape the cyber security professional I am today.
Share with us some of the daily tasks you work on as a member of the IT Security team. What do you enjoy most about your work?
- Performing security evaluation of hosts, networks and web applications by using manual and automated scanning tools
- Responding to security incidents and analyzing evidence pertaining to host and website compromises
- Server external access requests
- Maintaining Payment Card Industry Data Security Standard (PCI-DSS) compliance of virtual terminals and hosted pay pages
- Cloud Security risk assessments
- Secure Sockets Layer (SSL) certificate management
- Phishing response and remediation
- Educating users on risks and providing mitigation strategies
- Endpoint management
- Cyber Risk and Strategic analysis
I love the investigative nature of the work that I do. Seemingly small anomalies can end up being vulnerabilities. It really takes some creative problem solving because so many situations are different from the last. It challenges me — and I love to be challenged.
Part of that challenge is understanding the vast networks and infrastructure. This pushes me to keep my skills up to date and continually develop. I have since successfully written exams for Systems Security Certified Practitioner (SSCP) and Certificate in Cloud Security Knowledge (CCSK). Currently, I’m studying for the Certified Threat Intelligence Analyst exam.
I also personally find it rewarding to be part of a team that helps protect sensitive information, critical infrastructure and data. The team is finding malicious actors are trying to take advantage of the pandemic and remote work, so our counter activities have increased to ensure we have a secure network while many of us are off campus.
And again, the psychology aspect. I’m really fortunate that I get to combine two areas I’m passionate about into a single field. I love the behavioural aspect of what motivates individuals to carry out attacks. But also how people can be vulnerable to attacks. Cyber security is a very technical field, but a lot of what our team manages is a result of human behaviour and error. Many successful attacks are a result of successful social engineering — trickery and psychological manipulation so that people willingly but unknowingly hand their information to malicious actors. These can be in the form of phishing, such as executive impersonation, or a result of a weak password.
I love working for McMaster University and am very proud to be employed by an organization that is globally recognized and respected.
Any key IT Security tips we should all keep in mind?
Secure every part of your connected world. This includes enabling security on every device that is connected to the internet. Smart devices, like watches and TVs, are often forgotten, but those are connected too. Your mobile devices also need to be secure. You can do this by only downloading applications from trusted vendor sites and disabling automatically connecting to public Wi-Fi in range. For all your devices, keep your systems patched and software up to date, connect to wireless networks that use strong encryption and enable the local firewall.
Get in the habit of updating and locking down the smart devices the same day you purchase them. Many of the default settings aren’t very security conscious. It’s important to know what settings there are so you can make better choices about what is enabled, what needs to be enabled and what you can disable. For example, it’s good practice to disable microphones when not required on devices connected to the internet.
Set administrator passwords on everything. This can help prevent unwanted programs from executing and making changes to your device without your permission.
Social engineering and phishing are a reality for all of us. Email- and SMS-based campaigns are becoming increasingly sophisticated. The days of receiving the phish with obvious grammatical errors and typos are over. Scrutinize messages that you were not expecting and always hover over links to reveal the true URL destination.
Secure all your accounts and ensure that you create strong passwords that are long, complex, unique and secret. Another added measure is to enable multi-factor authentication (MFA) whenever possible. MFA can, for example, send a code to your phone for added security beyond just a password to login.
Manage your digital footprint. Get rid of accounts you no longer use. Understand privacy settings in social media can also go a long way.
Within the context of the technology landscape, how can women help other women?
Women can help lift each other up by mentoring and connecting with one another when opportunities arise. I have been inspired by a few women in technology, and hope to do the same for the future of cyber security. I find it rewarding to play a part in helping other women discover the field. I look forward to seeing the number of women cyber security professionals grow. I am fortunate to have such supportive and accomplished female leaders in Gayleen Gray, Assistant Vice-President and Chief Technology Officer, and Tracy Dallaire, Director of Information Security Services.
What is one key thing that men can do to be allies of women?
Men can advocate for diversity, inclusion and equality in the workplace. I am part of an incredibly supportive team, who motivates and challenges me. Paul Muir and Alex Alvarez have helped shape my career and for that I will always be very grateful.
As part of McMaster’s IT Strategy, stakeholders across the university shared ‘Digital Moments’ vignettes that capture what technology could look like for Marauders of the future. What does the future of technology at McMaster look like to you?
I envision the McMaster community embracing new trends and being leaders of technical innovation. I expect AI to be embraced on campus. There is a huge opportunity for enhancing students learning experience by delivering educational content tailored to the students’ needs.
I envision a future of personalized medicine. A data driven understanding of treatments and how effective they are for a specific patient. Personalized and predictive medicine and health care will become a reality.
I envision block chain being utilized in research where intellectual property is recorded and registered.Change Makers, News Category