The Berkeley School of Information (I School) and the Center for Long-Term Cybersecurity (CLTC) are pleased to announce that Joanne Ma, an Interdisciplinary Studies major at UC Berkeley, David Ng, a graduate student in the Master of Information and Cybersecurity program at the School of Information at UC Berkeley, and Nikita Samarin, a second-year Ph.D. student in Computer Science at UC Berkeley, have been selected to represent CLTC and the School of Information as RSA Conference Security Scholars at the RSA Conference 2020, which will run from February 24–28, 2020 at the Moscone Center in San Francisco. As RSAC Security Scholars, these researchers will connect with leading experts, peers, and conference attendees to share knowledge, experience, and connections to enrich the discourse on how to stay ahead of cyber threats. We interviewed Joanne, David and Nikita to learn more about their research interests and hear their thoughts about this opportunity.
Answers have been lightly edited for clarity
Joanne Ma
Joanne Ma is a senior from San José, CA and is an Interdisciplinary Studies major researching the implementation and impact of surveillance states in both China and the US. She’s especially interested in how our digital doubles (the aggregation of our personal online data and the algorithmic decision-making based on those digital doubles) have shifted our relationship with our analog selves. She is a Human Computer Interaction researcher at the Center for Long-term Cybersecurity (CLTC), where she investigates how normative values about security are formed and communicated in product development in industry by both product managers and designers. At the Berkeley Division of Data Sciences, she is integrating human context and ethics curriculum into existing Data 100 and CS 189 coursework and lectures to ensure students have opportunities to critically think about the social implications of the technologies they build. She also works on the Growth and Global Adoption team to strategically expand the Data Science major at universities internationally. She is an Ingenious at Mozilla x Tactical Tech, where she helps run The Glass Room SF, an international pop-up exhibition that explores how technology and data are shaping our perception, experiences, and understanding of the world. On campus, she serves as the executive director for Girls Teaching Girls to Code, and is the finance director for Hack the Bay (Cal Hacks). She enjoys collecting East Fork pottery and is making a mental list of all the best places to get croissants.
Why did you apply to be an RSAC Scholar?
I am incredibly fortunate to be contributing to one of the best places to conduct cybersecurity research. However, I recognize that our work at the center just begins to scratch the surface of all the security research being done. Being a RSAC Security Scholar allows me to build community, find new research collaborators, and establish long-term relationships outside of Berkeley. Our varying perspectives, experiences, and expertise can bring to light different issues that we may not have considered while siloed apart.
As one of the few undergraduate researchers at CLTC, both my dedication to interdisciplinary lenses and my identity shape how I conduct research. My roots in community organizing and social justice work (Asian Law Alliance) leads me to believe that intersectional security—security that serves and protects everyone— requires a long-term strategy that comes from a genuine interest in the recruitment, support, and retention of historically under-represented groups to tackle on-going and forthcoming harms in technology. My identity as a first-generation college student and a first-generation Chinese American woman has helped ground me in the work I do. It ensures that when I design, or write, or build, I’m critically thinking about the power structures of who is allowed to build, to whom things are built for, and what I can do to make for a more inclusive and safer world.
What are your primary research interests?
I’m interested in understanding how designers and product managers understand their role in security when building technologies at scale. I’m also interested in data rights, privacy, design practices to mitigate risk, and values in designing security systems.
What do you think are some of the most important emerging areas in cybersecurity?
One of the most important emerging areas in cybersecurity is how non-cybersecurity experts and organizations with limited technical resources will cope with adversarial AI (deep fakes, mass surveillance, identity). Moreover, cybersecurity threats can be amplified with potential technologies like quantum computing, which will mean all things secured by encryption become insecure. What threats and harms will we face when our biometrics are perceived to be the only form of “valid” identity verification? Biometrics like facial recognition and gait-tracking can easily be spoofed with deep fakes. How will these threats be mitigated, if at all?
What are you most looking forward to about the RSA Conference?
I’m looking forward to hearing more talks on identity, especially in the future of authentication. After the talks, I’m excited to work through takeaways with other RSA scholars to better understand the relationship between trust, digital identity, and data security. I’m also looking forward to learning more about the varied cybersecurity challenges globally where cybersecurity threats are not accounted for through governmental structures or even in technology companies.
David Ng
David Ng is a first year graduate student at the UC Berkeley. He is currently studying in the Master of Information and Cybersecurity program at the School of Information. While in graduate school, David is a full time working professional at PricewaterhouseCoopers as a Senior Manager of Application Security where his team provides security solutions and strategy for internal member firms. Previously he was at a venture that spun out from DreamWorks Animation where they built 3D rendering platforms for companies such as Nike and Burberry. He previously studied Computer Information Systems and Philosophy at Cal Poly Pomona.
Why did you apply to be an RSAC Scholar?
I applied to become an RSAC Security Scholar because I wanted to fully immerse myself into the research community at UC Berkeley. This scholarship opportunity allows me to meet with top professionals and scholars in cybersecurity who will teach me invaluable knowledge and provides a chance for me to share my research interests. Since I was admitted to the I School, I have taken advantage of the resources and brilliant-minded people this great research institution has to offer. I am very grateful to CLTC and the School of Information for selecting me as one of their scholars.
What are your primary research interests?
My research interests include cybersecurity policy/law and how organizations have to assimilate to current day security strategy and architecture.
What do you think are some of the most important emerging areas in cybersecurity?
Artificial intelligence (AI) is one of the emerging areas that I am interested to see evolve as we head into an unknown security landscape. There is no doubt that AI is and will play a large part in everyone’s lives, I am curious to see how policy makers and engineers will shape this technology to improve society.
What are you most looking forward to about the RSA Conference?
I look forward to meeting world class cybersecurity professionals and learning how they are securing our data, systems and privacy. I am also excited to meet my fellow Security Scholars at this conference and to see their research posters.
Nikita Samarin
Nikita Samarin is a second-year Ph.D. student in Computer Science at the University of California, Berkeley advised by Serge Egelman and David Wagner. His research focuses on computer security and privacy from an interdisciplinary perspective, combining approaches from human-computer interaction, behavioral sciences, law and policy. Samarin’s current research projects examine (1) the security behavior of underrepresented and vulnerable populations, (2) challenges to adoption of multi-factor authentication, and (3) compliance of mobile apps with privacy regulation. Past projects investigated the security of machine learning algorithms and biometric authentication. Samarin is currently a research assistant at the International Computer Science Institute (ICSI) and a graduate researcher at the Center for Long-Term Cybersecurity (CLTC). Previously, he has also worked as a research assistant at École Polytechnique Fédérale de Lausanne (EPFL) and the University of California, Irvine. Samarin holds a BSc in Computer Science from the University of Edinburgh.
Why did you apply to be an RSAC Scholar?
This year I had the opportunity to attend the 2019 RSA Conference where I met leading industry experts and participated in networking events with other security and privacy professionals. This provided me with first-hand experience of the problems faced by companies working on cybersecurity solutions and the significant dissonance that exists between the industry and academia when it comes to solving these problems. I would like to contribute to reducing this gap in understanding by presenting academic work at the 2020 RSA Conference that can address real-world problems faced by the industry.
What are your primary research interests?
My primary research interest is usable security, focusing on how to design and build secure systems with a human-centric approach.
What do you think are some of the most important emerging areas in cybersecurity?
First, as artificial intelligence and machine learning becomes ubiquitous in many aspects of our lives, we should be wary of unintended consequences that it brings along, especially when it comes to security and privacy. As demonstrated by recent research, machine learning solutions can be easily targeted by adversaries, who can circumvent their operation and leak personal information of users. A lot more work can be done in ensuring the security of machine learning algorithms. Second, we should never forget about the human and social factors. Over and over again, designers of ‘secure’ systems fail to take into account the mental models of their users. This leads to solutions that are “insecure by design”, as they place an extra cost (in terms of time, attention, memory, etc.) on the users to make use of the protections. We should always aim, therefore, to keep the humans in the loop when it comes to security and privacy.
What are you most looking forward to about the RSA Conference?
I am looking forward to meeting other security and privacy professionals at the conference, and getting to know more about current and future challenges in cybersecurity.
