Read a Transcript of Our Virtual Event with Trail of Bits
Science of Security: Virtual Networking with the Women Tech Leaders at Trail of Bits
*** This transcript provides a meaning-for-meaning summary to facilitate communication access and may not be a fully verbatim record of the proceedings. ***
Deveshe Dutt: Hello everybody! Good afternoon and good evening! Thank you for joining tonight's event. I'm Deveshe and I'm based in India. I've had the pleasure to work with Trail of Bits in the last several weeks.
Power to Fly is a women led company for highlighting women's roles in certain sectors. Power to Fly is proud to host virtual events to have the opportunity to learn. Over the past few years we've hosted in person and virtual events, with startups, online and in person.
We strive to foster honest conversations that foster conversation with women and allies. For the seminar today we brought together leaders who are in high end security research to reduce risk.
They take on difficult challenging, building new technology, reviewing the security of new tech products. I'm looking forward to learning more about this tech company.
With that, let's get started. We have a great line up of speakers today. Our panelists will introduce themselves shortly. We'll also ask panelists some questions. Today, we'll dedicate the second half of the webinar to your questions. Before I kick off with the formal agenda I'll go over housekeeping agenda to give us the best experience.
It's likely many of us are familiar with most of these tips since working virtually has become the new norm. I'll go over these points.
In case you have a bad connection, don't worry, you can call in from a landline. You can find the dial in in the audio panel. We ask you please mute when you aren't speaking. If you're comfortable have your video on, we'd love to see you. You can ask a question during the Q&A section. You can also visit Power to Fly to see daily virtual events, with career coaching, and other events.
This event is being recorded. Don't worry about taking notes. Last but not least we love feedback. We'll send over a 2 minute survey once this concludes and we love to hear from you.
Know this is a safe place. Type your question to the chat box or ask it live during Q&A. If you asked us something beforehand, we'll also touch on it.
We'll end by talking a bit about Trail of Bits. Now our panel introductions. Johanna, why don't you kick off our introductions by telling us a little about yourself and your role at Trail of Bits.
Johanna Ratliff: I'm a security engineer at Trail of Bits based out of Colorado. That entails me auditing various pieces of software for security vulnerabilities and delivering that to customers.
Deveshe Dutt: Thank you Johanna. I'd love to introduce Skylar.
Skylar Rampersaud: Hi. I'm working out of Washington, DC. I just started with Trail of Bits but I've been in security for 19 years. My job description is similar to Johanna's. I'm looking forward to answering your questions.
Deveshe Dutt: Thank you!
Claudia Richoux: Hi, I'm Claudia. I'm new to Trail of Bits and new to the security industry. I'm still in college. I'm a security engineer in the cryptology team. I look at software and cryptographic protocols. Many things.
Deveshe Dutt: Thanks, Claudia. Let's wrap up introductions by looking at CEO and cofounder Dan Guido.
Dan Guido: I'm CEO and cofounder, founded with 2 friends of mine, built it to the 50-60 folks working with us today. Excited to share our projects with you today.
Deveshe Dutt: Awesome Dan. We'd love to get into the keynote address. And hear about the projects you're working on.
Deveshe Dutt: Sure. You can bump it to the next slide.
We are a software and research company. We address computer problems to address everyone's use of technology. We're predominantly in tech and finance space. We are a small team of 67 people but on the other hand not many companies have that many engineers in one roof. We tackle really complicated problems. We're a hybrid remote company. Our headquarters are in New York. But since day 1 we employ people not in New York.
As we suffer in this pandemic, our transition is quite easy as we're used to working with people not here.
There's 19M in revenue, there are challenges to get to that size with the 2013 government shutdown. But our services are in demand for challenging projects. We never took money to get to that size. There are a lot of downsides to taking any form of investment that prevent you from working on projects you want.
We turn down a lot of work. There are projects I'm not interested in and I don't feel we need to answer to anyone. We are bootstrapped, we play with our own money.
The company is split into three teams. Security research, for long term research. Various branches of United States military, science foundations, research agencies. We use the work to give us sometimes a 4-year runway to make progress on difficult problems. We write academic papers, apply new research techniques, for the problems. We open source for the vast majority, if you're interested in that. A lot is on our blog or GitHub. I'm not content leaving that in the DC Beltway. We bring that to the public as best we can.
Alongside that, we build software to prove the research techniques. We have competency for security engineering. Mostly that's security software, endpoint security tools. They need code written requiring specialized expertise. We're nothing but specialized experts. A lot of open source software is adopted to make it usable. We've also ghostwritten venture funded startup products. Or high insurance projects like embedded systems.
Finally, people give us code to help them understand where risks are. We don't look at people's firewalls and Gsuites and other configuration things that can go wrong with running a company, but the technology products they build. That requires mastery of computer languages and computer architecture and generally how computers work. We have a lot of folks we work with.
For a small company like ours, we need to specialize. We can't solve every problem under the sun. There are a lot of projects we turn down. We focus exclusively on product security. We only do low level engineering. Our research team specializes in binary analysis. We have a cryptography team.
There are other things on the edges and fringes of these 5 bullet points but it's hard to justify doing anything else. We want to be the best in the world at what we are doing. These are things we're best at.
A lot of people recognize we're best in the world at what we do. It's been in the news a lot lately that we were hired by Zoom to work on a lot of the clients they have. The software you're using is something we are currently reviewing to address security issues. There are a ton of other firms we're proud to work with that gave us difficult problems to solve.
A key value of the company is we share our knowledge. We try to do that through many avenues. I mentioned our blog. You may have seen our twitter. The Power to Fly team tweeted beforehand.
We have resources and publications we made available. To help you understand things. We're specialized experts but you can fall in the trap of keeping it away from people who aren't experts. There's a wide gulf between experts and non-experts. You know everything or don't know much. We're doing our best for people to gain expertise.
Empire Hacking was the largest meetup in New York City which we can't have now. Maybe people on this call can join us again later. That's for others to share knowledge gain with a wider audience.
Instead of a real technical demo because all our projects are different we have some reusable tools and techniques we have developed and refined. But it makes more sense to think about it holistically and look at the project end to end and look at what people come to us with and how we help them.
Keeping up with the current moment and time, the big question is how will we vote in November? There's not a lot of certainty that people will be able to go to their local gymnasiums and pull all those levers and not get sick. So online voting is a discussion we are having around the country and we are at the center of that.
Our voting solutions are very important. We are at the center of this. There could be as little as 500 votes cast in an area. Just a single vote being wrong could determine the election. And the risks are higher.
If you were around in 2000 and we get down to a point in time where there's just 40 people in Florida deciding who is President, you want to make sure that the technology being used is accurate within those 40 votes. The vote is very high stakes. So we worked with Voatz. They were the market leader in voting. We did their security and used cryptography and mobile security and offered a combined package to look at the whole thing end to end.
This was revealing to them and to the public. Unfortunately, depending on where you stand, this has identified lots of security issues that people didn't know were present. It changed the national conversation around if these technologies are safe to use in November and if we need to use different methods that don't get everyone sick then.
This is a unique project. You can see the results public. Go to our blog and you can search and bring up the whole report. So if you want to know what it looks like, you can see it.
We thought that was very important. The public is as much a party to this conversation as the vendor is. We wouldn't even work on this project unless we could work on it publicly. So now I will stop speaking! You can go to the web and look at what I'm talking about.
Johanna Ratliff: We also did a Kubernetes review for the Linux Foundation. They are a massive code base project. They hired us as their first really holistic assessment from a security perspective. They chose us because we had applicable expertise in all sub groups that could apply. If you don't know Kubernetes, it is workload management software developed by Google. And it's open source, owned by the Linux Foundation. It's used everywhere right now in terms of workload management.
Doing this huge assessment of Go projects like this, we did an in-depth architectural review and threat model that surfaced the issues around the architectural vulnerability when things grow too organically and are that massive. You run into issues around maintaining the security of a project as a whole.
We focus on that architectural review and did kernel fault protection and manual review and assessed the default state of this, even the standing at Kubernetes can be difficult, so showing these limitations in scaling and default config, how secure or insecure it is by default and to make sure everyone running the software has this good security.
Speaker: It taught us lots about Go. The problems we work on stress the limits of what we thought we already understood. We found new bug classes in Go and we built tools to work in Go that we work in other projects.
Johanna Ratliff: Kubernetes is still open source so we still find bugs there and they request the report from Trail of Bits and look deeper into the issue. It has built up a whole lot of investigation into the software which is really cool.
Dan Guido: I think this was Claudia.
Claudia Richoux: Yes. ZCash is cryptographically difficult for people to learn about your transactions. Until recently I was on this project but they needed lots of people to dig into the crypto. There were iterations in this over 100 page documentation. It's not very accessible to casual users.
But we used our experience to check out the protocol and other protocols to make a more digestible white paper to help our users understand it better.
So that's ZCash. Then the other tool, osquery, is more the engineering team. It's a psych-ops that lets you turn your database into queries.
It's so cool. But it's under development. It was started by Facebook and it works on everything. It scales well to larger organizations. It's so good.
But yeah, some things we have done include adding real time integrity monitoring to find malware. So if you can monitor that and know instantly you know there's malware on the fleet you can do something with it.
Monitoring the NTFS journal, you have to hack around that. In Linux it monitors syscalls and for file writes and editing.
We did AWS that you can integrate with the data querying. I talked to a coworker about his tools in container introspection so you can use osquery there. But we make cool tools and do cool audits.
Dan Guido: I would like to explain that. I have been in this for many years and it's a real area of investment. When Facebook developed this first, these companies just throw them out on the internet and then people use them and they don't work. Because you don't have the same problems that Facebook has. So when they developed this they had to make it more useful and to make sure that others could use it. So they asked us to do that.
If they want to make this a successful end point security system it has to be accessible with Windows. So they called us!
Now the project is so big and enough parties are interested that it outgrew its container at Facebook. Trail of Bits was successful in moving this project from ownership by Facebook to the owners in the Linux Foundation and so we determined the product direction. It's not a product, it's an open source repository so there's no infrastructure around it to determine where it can go. But we stepped in and offered that structure so people are confident in this project.
Sorry, but I had to make that point! Tell us about SIEVE.
Speaker: This is on the crypto team so I'm a little involved in this. It's a DARPA contract. We are working with DARPA --
Dan Guido: It's a program.
Speaker: So it allows these bug bounty hunters and then expect companies to pay them. But sometimes the companies are bad about that and they lie and not pay you. That stinks and makes the bug bounty hunters economy broken.
So I won't hand you how I broke this, but I will say I did and I will tell you now with zero knowledge proofs. These are protocols that were up to now used in things like ZCash. So you can prove that you have an exploit that runs on a computer without showing it. That's so so cool. But that involves representing the underlying logic of the code that's relevant to the exploit as a boolean circuit.
This gets us more equitable bug bounty programs and then publications that push that forward. We are working with Johns Hopkins. So that's one of our research projects.
Deveshe Dutt: Thanks all! That was fascinating. I know we will talk a lot more about some of these projects that you mentioned in the question and answer session. But I will ask some questions and then open it up to the audience. I see a few questions coming in. We will get to those.
Johanna Ratliff, I know you joined the Trail of Bits team a few months ago. What motivated your decision to join the company?
Johanna Ratliff: I actually have a past as a software engineer and did distributed systems building and was interested in security for a long time, learning on my own kind of thing.
I thought it would be fun to get paid for it! [Laughing.]
So I had an old coworker who introduced me to Dan after I had a couple of times throughout the years expressed interest in security. He was like, I know a guy! So that's what started the process of me joining the Trail of Bits team. I just liked to write software and play with it but from a security perspective.
Deveshe: That's awesome. I hope to hear more stories especially from our audience about how they joined their jobs they're really passionate about. Skylar, you're next. Security is a hot topic with everything we're doing online. What is one of the largest misconceptions about security today?
Skylar Rampersaud: In my experience, one of the largest misconceptions is that there are no people like me doing security, that I won't get a mentor, that I won't do well because it's not for me. I got into computer science because there were scholarships for people majoring in that.
What I really found is that if you put yourself in a position where you're always learning as you work, and find organizations that really support their people in that continuous learning, then you can kind of build your career into what you want it to be. And then people will come to you and you don't necessarily have to wait for someone to recognize you. You are the one building your skills.
I think security as a field is good for that. You can really build yourself.
Deveshe: Wow. That was really insightful, Skylar. I'm sure the audience found that really helpful. Let's hear from Claudia next. How has security changed since you first entered the field? Where do you see it moving in the future?
Claudia Richoux: I'm 22, haven't finished college, mostly through. I started messing with cryptography at 16 when my friend asked. I started with hacker culture, it's become a lot less a free for all in some ways. And more so in others, with people hacking and people having to defend it. There is cybersecurity and it's not like a 16-year-old can just steal money from a bank. There's also so much more stuff on the internet. It's more integrated.
There's the internet of things or the Reaper botnet. There's a lot more crappy code running around. That's interesting for someone interested in breaking into software. People are a lot more interested in security. There's also the crypto-anarchist movement, doing blockchain stuff. There's so much interest in privacy now that Google makes money off our data. People are more interested in privacy. It's gotten more interesting. Even if you can't do it as you would 10 years ago.
Deveshe: You know what they say about fact being crazier than fiction. That's the case with what you described. Thanks for that, Claudia. There are a lot of questions coming in. First one, from Jan. Who wanted to it, have you been working with self-sovereign identity?
Dan Guido: I'll take that one. Not specifically. Trail of Bits is a services provider for security. If you are using weird blockchain you might find yourself at my doorstep because you don't know if the technology you made was safe. We've worked with the largest in the world, with weird lending protocols and people doing everything under the sun with blockchain. Can't point to one specifically. But if someone doesn't know if they can trust it and asks how much they should, we have expertise to help them.
It's just a matter of what other folks are doing. Whatever is hot and new, where people are pushing novel technology and the limits of what's possible.
Jan: You mentioned a research arm. Besides self sovereign identity or IOT, are you researching these areas? Or areas where you are already getting jobs? Is it led by what the marketplace asks for?
Dan Guido: Research team is different, they put out things they need solved. The United States government wants a way to disclose vulnerabilities without information on the vulnerabilities. We have a code translating into circuits. There's automated program analysis and stuff allowing us to understand what a binary system is doing. Sometimes by emanating electronic signals. We've looked at automated vulnerability research. Pairing a machine with a human brain to be faster than a human with their own two hands.
We are looking at automated patching. Given a description of a patch or information on an automated bug hunting system can we use information to correct the defect without interacting with a human. A lot is at the intersection of analysis and cryptography. A lot of the topics you dropped, spatial web and others, are outside.
We are trying to stay focused on software security. There are a lot of problems. I choose the ones I can solve. That's what I choose to focus efforts on.
Jan: You are choosing interesting projects. It makes me think of other ones in the world.
Deveshe: Thank you Dan. And Jan.
A little pivot to talk about the culture at Trail of Bits. There are questions submitted by the audience. Can you talk about the culture and how it approaches inclusion and equitable practices? Who'd like to take that?
Dan Guido: I don't know if people are waiting for me to take it.
Deveshe: Looks like it.
Dan Guido: I probably should have prepared but I'll do it off the top of my head. There are a lot of things. A lot comes from the cultural perspective of how we have always done remote work. You're judged on what you can achieve at the office. There are people I only see through a screen like this.
What am I trying to get at here?
Well I don't really know what I'm trying to say. I think from a cultural perspective, we really count on each other as a team. We try to be transparent and engage openly. We have a guide on how to be a project maintainer to help you see the perspective of someone using the product. So you have empathy for what they are going through. That courses through a lot of it.
There are company procedures in place. We've taken a step at looking at the employee handbook. Making sure there are systems for when issues arise. Sexual harassment doesn't take a back seat. We've made sure we're prepared. We want it to be a safe workplace.
Also how we engage with the public. When we list job reqs we make sure there's not biased language so everyone has a fair shot and they can visualize themselves in the role.
We look at the way we work with Empire Hacking. When we give talks we want to make sure it's representative of the community out there. We had a good run of 50-50 men and women. I was hoping to keep it up. But I don't think we can have the meetup this year.
We also offer family leave early. For a small company like ours that's not a Google, we always offer parental leave. We are lax about how you can get your job done. I think that was what I was trying to get to at the beginning. If you have to leave for your personal life for a couple hours, it's no consequence to ours. You can get the job done however you have to.
I think that covers a lot of it.
Johanna Ratliff: I can add a couple things from what I noticed. It was a good interview experience. It was a remote interview around a holiday when I couldn't fly to New York. It was easy to manage a remote interview. Everyone spent the interview nerding out around cool things like Go. We spent the interview nerding out about the same kinds of edge cases and bugs that drive us up the wall. You get a feel from how it will be to work at the company.
For hours, it's very flexible. To be honest, when you have everyone around the globe-- there are people from Argentina to Poland. When you have everyone around the globe, time frame is based more on when you work best. Depending on pandemic, I might not be productive at 3pm. 2am might be my sweet spot! That's appropriate.
Dan Guido: A core value of the company is sharing knowledge. That invites people to the community who don't know they could be part of it. Doing engagements like this. "This field exists, you should participate." That's a big part of what we do. I target that to diverse audiences. This event is great, we've also participated in SummerCon. We gave them money to diversify speakers a few years ago. They provided it as grants to people for research before their talk. We reviewed those people to make them confident.
We have done lots of work with Women in Cybersecurity and other organizations. I'm not getting invited to too many Meet Ups these days, but I try to book extra when it comes to talking to young people or women or other diverse groups of people around what you can do in this field.
What might be engaging to you?
Deveshe Dutt: Thanks Dan, we are looking forward to you speaking at the summit, June 14th-17th with that diverse audience.
I wanted to go back to something that Johanna Ratliff brought up around this crazy time we are in, and a question around that.
Especially in the age of COVID-19 how do you maintain a strong work life integration and how does Trail of Bits support you in this?
Claudia Richoux: I can answer that. My manager is so chill. As long as you make the client meetings and get your work done, no one cares when you get it done. The pandemic is crazy and I flipped to nocturnal a few weeks ago. I get my code written up at night now.
It's chill. Lots of 9 to 5 jobs though, it's like when can I go to the doctor? I have to take the afternoon off and things are not open Saturday, so how do I do That?!
But at Trail of Bits it's so chill. Lots of people work from home 1-2 days of the week, or more. My manager is so flexible and my teammates are also on flexible schedules. We get Facetime together. But if you have a different work schedule we are flexible to that.
Dan Guido: It gets back to what someone else said where we already work with people in Poland. Not everyone can work synchronously. So our adjustment in the company happened many years ago.
We already record all our meetings so if you are not present, you can watch, and we have meeting notes so those who weren't present can understand what happened. And opportunities for spontaneous connections. We set up random video chats with people.
When you work remote sometimes the only conversations you have with people are about work! So we force other conversations to happen because they are beneficial.
And from a transparency perspective, everything I do happens in a public channel and it's easy to keep up with even though I'm the CEO. You can keep up with all the projects. That helps people stay motivated and engaged and see everyone kicking butt. It's a nice common mindset that we are all here, doing what we have to do, even though there's crazy stuff going on outside.
Speaker: I'll say in addition, in terms of how we are handling COVID-19 and everybody's different reactions to that, we were already remote so we are ramping up the amount of, Dan called them, "forced interactions" -- [Laughing.] -- between people so you can talk to your coworkers and feel like you are regularly seeing each other. Things like that.
One of the cool things is that we are open, depending on who you are, about mental health at this company. It's a small enough company still where you can say, "hey, I'm having a weird day." Then you hop on the coffee time call and Dan has brought alpacas!
That did really happen last week! So it comes from having that small company.
Dan Guido: I'll direct you to a Tweet that I made of pictures of the llamas. We have proof that I did that!
Deveshe Dutt: So it's not in your imagination! [Laughing.]
Dan Guido: But you got to keep things interesting. And I thought that might be fun.
Deveshe Dutt: Absolutely. Skylar I will call on you.
How does Trail of Bits compare to other jobs you have had in your security career?
Skylar Rampersaud: It's the best job.
Touching back on the remote from the start, in previous jobs I had to be in the office, and develop a rapport and trust before I could work from home, or choose the areas that I wanted to research.
Coming into Trail of Bits it was, "what are your interests?" That's great. It aligns with what we want to do. So do it!
The work from home, work when you need to. It's done. It's not an issue.
I don't know if Jan or anyone else was interested in more technical aspects? Doing security assessments has gotten harder over the past 10-15 years. It used to be something you could do in an afternoon but now it's like multi-week projects. But that's not an issue for me personally. That's just an overall change that companies must shift to.
Dan Guido: And some people got good at securing our software! We have to work harder!
Deveshe Dutt: It's more challenging and that's more exciting. A question from Mercedes to all the panelists.
Bug bounty programs and how do these compare to [don't understand.]
Dan Guido: Bug bounties. I think lots of people look at that and think it's easy. They think they can just throw up a website and say please, show me all the bugs and then the software will improve in quality over time.
People don't realize the problem at first. They reach out with open arms with a pile of bugs and someone walks up and punches them in the nose. They don't know all the insecurities and then they get this avalanche of issues. Then they handle it poorly and the communications are not well received and then it causes an issue.
Or the opposite happened what someone can't look at your software and then no one checks. Then you have this false sense of security. But was someone motivated enough to even look?
And this is tactical. When you do bug bounties the way you do it is drive bys. You try to find just a few bugs and you try to find these on every website on the internet. But that's not good architectural guidance or assessing risks or helping people improve. I like bug bounties are the last thing, and the final stage of the software maturity but lots do them first.
We have reviewed public research around bug bounties and put it on the blog, On Bounties and Boffins. This was a journal article from data on Facebook and HackerOne's bounty program over 2 years and drew conclusions on who does the bug bounties and what their motivations are.
It's a Pareto distribution. Some people find all the issues, but then there's a long tail of others that find one or no issues. So there's misinformation out there. Yes, there's the wisdom of crowds and many eyes looking at your code, but the reality is it's just 50 people! And that's it! But it shows in the data.
So how do you get one of those 50 people to look at your code? You need to structure the communication and plan how to engage with a high performer. So at Trail of Bits we take the opposite approach. It's not indeterministic if you will get information from us but we work with you to understand the end to end product and look at the structure and help you build a secure product. Then we can help you run a good bug bounty program.
I'll post the article in the chat, but I hope that provides some perspective on the bounties. Claudia, or Skylar, or Johanna Ratliff, other perspectives?
Claudia Richoux: Coming from my background and doing CTFs, there's a guarantee for a solution and I thought, oh bug bounties the same, but you don't know where to look towards in bug bounties. In CTFs it's directed and you get points. You know there's a prize. But with bug bounties it's not that fun. You don't know if you will find anything and you don't know where to look. You don't get the source code and if you find something, the company might just be rude to you and not pay you!
So as someone who breaks into things, I won't say that bug bounties is a waste of time, but if you are interested in breaking into things, do CTFs or white box reviews. You don't want to just poke around in the dark and not hit anything.
But I think bug bounties are a bit silly.
Dan Guido: In a CTF you know there's an issue. Once the competition is over, you have a solution. You can complete your learner cycle with a CTF, but with a bug bounty you look and look, and not find anything. No one reveals the answer to you.
If you are just starting, then CTF is the place to go. Hey, bug bounty is nice, and if you want to get a couple thousand bucks in a weekend, but it's more helpful to do the CTF.
Speaker: With knowledge ramp-up as well, the difference in what we do we don't always have source code. But the benefit of having it and mentally traverse a potential intended path and come at it from the security perspective and figure out, "okay, if I mess with it here, what's the entry point from outside the box?" But with bug bounties when you have that veil shading what's happening and you can't see the logic path they coded in, lots of it in my opinion is scatter shotting tools at the software to see what falls out. To me that's not as fun.
Deveshe Dutt: Skylar, this is the last question. I hope you can close us out. We want to hear what you have to say on this topic.
Skylar Rampersaud: I'm a little older; the web stuff is not what I'm interested in. If you want to learn about security of other things that are not web-based, you're really not going to get that in a bug bounty program.
That's where doing capture the flag exercises or finding some other training exercise to build up your skills is a lot more valuable than throwing a bunch of tools at a website hoping some bug will shake out.
Deveshe Dutt: Thank you for that Skylar. Claudia, we love that your dog just came to say hi!
Thank you so much, panelists. This has been really insightful and interesting. If we didn't get to your question, we'll do our best to follow up with you; you'll hear from us.
I want to tell you more about Trail of Bits. [Reading Trail of Bits description on screen]
This has been made evidently clear today. Trail of Bits is hiring. Even before this, 50% of employees worked remotely. Many chose to work from home. It's in the best work from home companies 2020. Especially when you hear additional benefits include 3-4 months parental leave, charitable donation matching, and PTO. You can find out more by typing in Trail of Bits in your search.
Dan Guido: There's discrepancy on whether or not we're hiring. I'll throw roles online, then we can close it down. The current business capacity is uncertain but we encourage folks to join; we're in a different spot than in March. After the call we'll open up a few positions, and take it one step at a time. Just like everyone else.
But I'm lucky that the kind of situation we've got ourselves into is, we've lost a couple clients. There were people paying us who suffered a lot from the pandemic and they can't pay us. But we also picked up remote work from technology companies who need us. We've had minuses and pluses. We are on a steady foundation for the rest of 2020. We'll carefully start growing the team again. I'd like to start with the folks here first.
Deveshe Dutt: Thank you Dan for your transparency at a time like this, nothing is more appreciated. As we wrap up today's chat, check out our many daily virtual events. Dan will speak at our virtual summit, the 14th to 17th of June. We'll be chatting about security. You can go to www.powertofly/summit to continue the conversation. You can follow Power to Fly on social media. Or visit the blog updated daily.
Thank you for being part of our discussion today and asking great questions.
The summit link is posted in the chat, feel free to join in. We'll send a short survey. We'd love to hear your opinions so we can continue to make these events. I hope you enjoyed the event. Thank you so much for joining us, have a wonderful rest of your evening. Stay safe. Bye bye.
[End of event]
Environmentally Friendly and Sustainable Companies
Sustainability is more important now than ever.
Companies use huge amounts of our planet’s resources, and they in turn have huge impacts — positive and negative ones. While a few generations ago, it seemed as if the Earth’s resources were infinite, we now know how false that is.
That’s why it’s critical that sustainability be at the integral to a company’s makeup, prioritizing protecting the resources we do have left and having positive impacts on the environment.
We asked some of our partner companies to share what they do to promote positive environmental impact and sustainability. For some of them, solving environmental issues is part of their core DNA and others have taken on initiatives outside of their own business objectives to leave the world a better place than how they found it. Keep reading to hear what they said!
Collins Aerospace —
As a leader in technologically advanced and intelligent solutions for the global aerospace and defense industry, Collins Aerospace is in a unique position to make a positive impact on sustainable aviation. We innovate for – and with – our customers to drive more sustainable solutions.
Collins Aerospace has joined in the Fly Net Zero commitment announced in October 2021 by the Air Transport Action Group (ATAG) and the International Air Transport Association (IATA). As an active supporter of the industry’s goal to achieve net-zero civil aviation carbon emissions by 2050, our commitment is stronger than ever. At Collins our sustainability roadmap focuses on three pillars:
1. Engagement with our stakeholders - our customers, suppliers, shareholders, communities and employees – to collaboratively set the standards for a sustainable future of the aviation industry in terms of Environmental, Social & Governance (ESG) performance.
2. Our Technology Roadmap focusing on innovative and disruptive solutions to improve aircraft energy and operational efficiency and to enable alternative power sources, in particular Sustainable Aviation Fuels (SAF), hydrogen and hybrid-/electric propulsion.
3. Our Industrial Road Map focusing on sustainable production and products – including GHG reductions through energy efficiency and use of green energies, substitution or reduction of chemical substances, reduction of water consumption as well as recycling and waste management.
For more information please refer to our website at https://www.collinsaerospace.com/Sustainability
Learn more about Collins Aerospace here.
Okta’s climate strategy is focused on reducing emissions in 4 ways: reducing consumption, electrification, purchasing renewable electricity to match 100% of our global office and workforce electricity consumption, and engaging our vendors, as over 90% of our emissions are from our value chain. We strive to incorporate equity into our work. For example, we purchase renewable energy certificates (RECs) with a social benefit, such as CA Bright Schools Solar and energy justice RECs - community solar that reduces electricity costs for low-income residents via Solar Stewards.
Learn more about Okta here.
Established in 2012, Vanguard's community gardens are planted, maintained, and harvested by crew volunteers who donate the produce raised to local food banks, pantries, and centers.
Gardens in Pennsylvania and Arizona raise a variety of produce, including tomatoes, peppers, spinach, lettuce, zucchini, carrots, and eggplant.
In addition, the community garden teams host periodic garden parties, workshops, and cooking demonstrations, where crew can learn more about what is being planted, ask questions about their own personal gardens, and network with other volunteers. All produce is grown organically, so there are opportunities to learn the latest in organic agriculture.
Learn more about Vanguard here.
Sustainability is a key component of Nokia’s strategy and purpose of creating technology that helps the world act together. We believe digitalization and connectivity solutions are critical to resolving many of the global problems facing society.
We take a two-pronged approach. We maximize our handprint while minimizing our footprint across environmental and social issues, supported by robust governance and responsible and ethical business practices.
We realize we cannot do this alone, and we call for accelerated digitalization and enhanced connectivity, greater multi-party, multi-discipline collaboration and the establishment of sustainable platforms that encourage innovation.
Learn more about Nokia here.
EnerSys is the global leader in stored energy solutions for industrial applications and has been for over 100 years. At our core, EnerSys delivers solutions that meet our customers’ most critical energy services and storage challenges. We also enable our customers to reduce their greenhouse gas emissions and provide affordable and reliable access to energy – often referred to as “climate technology.” Our products support a wide range of industries and applications, from ensuring the reliability of broadband in rural communities to powering submarines and satellites to the manufacture and distribution of food supplies and critical health infrastructure.
Learn more about Enersys here.
At Google, we are celebrating the opening of our Bay View office — an all-electric, net water positive campus with the largest geothermal installation in North America. To deliver on our commitment to operate every hour of every day on carbon-free energy by 2030, we prioritized renewable energy and maximized the solar potential of our buildings. Bay View’s first-of-its-kind dragonscale solar skin and nearby wind farms will power it on carbon-free energy 90% of the time. The campus is also on track to be the largest project certified by the International Living Future Institute (ILFI).
Learn more about Google here.
Waters Corporation —
Waters has committed to reducing its Scope 1&2 greenhouse gas emissions (GHG) 35% from a 2016 baseline by 2025. As part of this commitment, we are increasing our use of renewable energy, phasing hybrid and electric vehicles into our service fleet, and incorporating green building principles into our facilities management practices. We are also taking steps to measure and reduce the environmental impact of our products, our packaging, and our supply chain. In addition, we encourage our employees around the world to be sustainability leaders in their communities. For more information, please see our most recent Sustainability Report.Learn more about Waters Corporation here
As a global company, Pluralsight is committed to positive corporate citizenship and to continuously improving efficiency as we scale. We’ve implemented several initiatives that will help reduce our carbon footprint, including new remote/hybrid work policies and we’ve recently signed a climate pledge that sets us on the path to becoming carbon neutral. Through this pledge we plan to set clear greenhouse gas (GHG) annual reduction targets and also invest in ways to proactively offset the balance of our GHG emissions to achieve net zero. This plan will also support our team members in their involvement in local sustainability initiatives.
Learn more about Pluralsight here.
Expedia Group —
In 2019, Expedia Group partnered with UNESCO to create the UNESCO Sustainable Travel Pledge which aims to promote sustainable travel, community resilience and heritage conservation globally. Signatories can learn about sustainable practices for their business, and together we can drive positive change in the travel industry for future travelers. The UNESCO Pledge now has 4,200 hotels committed to concrete, transparent and achievable action.
Learn more about Expedia Group here.
At UKG, we care deeply about our environmental impact and our responsibility to take care of the world in which we live and work. Our primary environmental impacts relate to our own energy consumption, as well as the energy consumption of UKG hardware products, our business travel, and the consumption of natural resources through our activities and procurement processes. Our recent and ongoing efforts to reduce our environmental footprint, including both our own corporate output and the sustainability and environmental practices of our trusted suppliers and vendors, are a critical component of our ESG Initiative.
Learn more about UKG here.
CDW is committed to protecting the environment by continuing to find ways to manage our business with increasing efficiency and understanding the full extent of our environmental impact.
Our efforts include participating in multiple electronics recycling programs, consistently meeting and exceeding our waste diversion goal of 90% at our US distribution centers, and implementing smart packaging solutions that maximize both product protection and material efficiencies.
We also recognize that our greatest opportunities to impact the environment lie in our supply chain and our ability to work with our partners to address issues such as climate change and waste reduction. For example, more than 75% of our US shipments are handled by carriers with Net Zero emissions targets.
Learn more about CDW here.
At Moody’s, we are doing our part to protect the environment and tackle climate change. We are committed to achieving net-zero emissions in our operations and value chain by 2040 – 10 years earlier than the Paris Agreement goals – and to aligning our relevant products and services to net-zero. We also offer market participants climate solutions to help them better understand the risks and opportunities presented by climate change and the transition to a low-carbon economy. Learn more about Moody’s efforts and progress in our 2021 Stakeholder Sustainability Report and 2021 TCFD Report.
Learn more about Moody’s here.
Wolters Kluwer —
At Wolters Kluwer we’re not only helping our customers create a safer, cleaner world - we’re doing it ourselves!
In 2021, Wolters Kluwer launched a sustainability program called ENGAGE and to celebrate the contributions employees made, this year we held the Global Sustainability Awards.
Colleagues in our Enablon business won an award for partnering with volunteer organisations around the globe including Chicago Region Tree Initiative in the US, SUPclean-up in the Netherlands, and the Calthorpe Community Garden in the UK.
80 Enablon volunteers spent more than 300 hours planting trees and clearing litter from waterways and beaches, helping raise awareness across Wolters Kluwer of the importance of sustainable practices while giving back to local communities.
Learn more about Wolters Kluwer here.
As the world’s largest recycler of aluminum, sustainability is implicit in everything we do at Novelis. Our ambition is to be the world’s leading provider of low-carbon, sustainable aluminum solutions that advance our business, industry and society toward the benefits of a circular economy. We’re guided by our sustainability goals, which will ultimately lead to a reduction in energy intensity, a reduction in water use, and a reduction of waste sent to landfills by 2026. Cultivating a diverse and engaged employee base will be our greatest enabler in achieving these goals.
Learn more about Novelis here.
Sun Life —
Sun Life views climate change as a defining issue of our time. We’re working to address climate change and supporting the transition to a low-carbon economy. We have set a goal to achieve net-zero greenhouse gas emissions by 2050 for both our investments and operations. We're also committed to integrating climate strategies across our businesses and working collaboratively with our Clients, stakeholders, and the industry at large, towards this common goal.
To help us expand on our commitments and strategies, Sun Life recently appointed Paula Haschig as our new Vice-President, Climate Change. Learn more in our latest Sustainability Report.Learn more about Sun Life here
Key to solving the world’s most pressing issues: climate, health equity, poverty, racial justice, and education, is data.
With customers around the globe, Splunk is uniquely positioned to help solve some of the world’s toughest challenges.
Learn more about Splunk here.
GoTo is committed to maintaining carbon neutrality. Our permanent move to a remote-centric workforce has reduced Greenhouse Gas (GHG) emissions across all scopes. To account for the shift in our employees’ work locations, we purchase certified offsets for the emissions they generate during work hours, both in the office or at home, as well as for necessary corporate travel. We also procure 100% renewable electricity for our global operations by purchasing Green-e certified RECs to match our global electricity usage. Our data centers have high ratings from Greenpeace and we engage our global employees through our Global Green Team.
Learn more about GoTo here.
Raytheon Technologies —
As part of Raytheon Technologies’ Environmental, Social and Governance (ESG) vision, Raytheon Intelligence & Space (RI&S) is working toward ambitious goals to reduce greenhouse gas emissions, conserve energy and water, minimize waste, and increase renewable electricity by 2025. Our ESG strategy guides all that we do, and particularly emphasizes purposeful connections with community. For example, over the past year RI&S has participated in various events like community clean-ups in McKinney, Texas; a food bank packing line in Plano, Texas; an Earth Day plant seed swap in Goleta, California; and a leadership team clean-up at the Santa Barbara Zoo.
Learn more about Raytheon Technologies here.
From greener buildings to cleaner cars, smarter factories to bigger blockbusters, Autodesk technology is used by millions of people to design and make millions of things that impact billions of lives.
At Autodesk, sustainability is about making that impact positive across three impact opportunity areas: Energy & Materials, Health & Resilience, Work & Prosperity.
All this begins by being a better business ourselves. When we improve the impact of our own operations, we gain the knowledge and credibility to help our customers improve theirs. And by building a culture of belonging, together we thrive.
Learn more about Autodesk here.
We take a very broad view of sustainability and social impact, with our environmental focus rooted in both our climate responsibility and systemic, environmental justice concerns. Last year we launched our climate justice grantmaking program; with input from our EnviroDuty affinity group, we selected four incredible climate justice organizations to support: Earth Guardians, Earth Hacks, The Solutions Project, and OpenAQ. We are also taking our own responsibility seriously, reporting our first greenhouse gas inventories and preparing to set targets in line with the global need to limit warming to 1.5°C to meet the goals of the Paris Agreement.
Learn more about PagerDuty here.
American Express —
American Express is committed to advancing climate solutions and enhancing its operations and capabilities to meet customer and community needs in the transition to a low carbon future. In 2021, the company committed to net-zero emissions by 2035 and has been CarbonNeutral® powered by 100% renewable electricity across its global operations since 2018. The company set a goal to pilot low-carbon product innovations and is making new digital products and services available to help customers understand their carbon footprint. To support climate action through community giving, the company will provide at least $10 million by 2025 to backing low-carbon communities.
Learn more about American Express here.
At Esri, we believe that it is everyone’s duty as global citizens to protect our world’s resources. As a business, Esri practices sustainability by operating on solar power in many of its buildings, using electric cars for corporate vehicles, providing EV charging stations for employees, donating and planting trees in the community, and more. Some of Esri’s key initiatives are conservation and sustainability. Influencing and partnering with customers to build a sustainable future through geographic information system (GIS) technology is what drives us. You can read more about these initiatives at https://www.esri.com/en-us/about/about-esri/why-we-do-it.
Learn more about Esri here.
Pitney Bowes —
In 2021, Pitney Bowes was named a Climate Leadership Award winner. We have committed to be carbon-neutral in our operations by 2040. We are also proud to announce that we have increased our share of electricity from renewable sources such as wind and solar power.
Learn more about Pitney Bowes here
BlackRock has a multi-pronged strategy to address climate-related risks and promote positive environmental impact. One commitment that we’re proud of is The BlackRock Foundation's recent commitment of $100 million to Breakthrough Energy's Catalyst Program, which will help accelerate the development of climate solutions necessary to achieve net zero emissions by 2050.
In addition to our strategies as an asset manager and as a company, our people play an important role in creating and leading sustainability within our offices. Our Green Team Network is responsible for stewarding conservation efforts throughout our offices and within the communities in which we operate. The 49 teams organize activities including elimination of single use plastics, rebuilding our local ecosystems, taking personal responsibility for our own net zero journeys, matching donation opportunities, educating all employees on climate and environmental issues, and so much more!
Join us as we provide financial security and overall well-being of people and communities around the world.
Learn more about BlackRock here.
We loan because… we want the world to be a better place
At Kiva, our mission is to connect people through lending to alleviate poverty, and this mission extends beyond just financial poverty. We aim to help increase access to basic services as well, from clean water and sanitation, to getting sustainable energy in homes. Green loans on Kiva help borrowers switch to environmentally friendly products that reduce pollution, promote sustainable practices and help families succeed. Read more about this HERE
Made of individual kiva lenders who are concerned about the environmental impacts of their loans, this is a forum to notify each other of environmentally sustainable loans that are needing funding. Sustainable development projects include recycling, solar, re-use, organic agriculture, health, etc.
Learn more about Kiva here.
Cummins is committed to powering a healthier environment, stronger communities, and robust and inclusive economies. Our PLANET 2050 environmental sustainability strategy, and our Destination Zero™ product strategy are driven by decarbonization and circular economic principles that promote economic growth while using fewer of the world's resources.
Learn more about Cummins here.
Finding new ways to help the planet and the people around us is some of the most important work we do at 1Password. This year, in celebration of Earth Day and giving back, we partnered with Evertreen and sponsored the planting of 10,000 trees. Additionally, in support of the Sustainable Ocean Alliance sending hundreds of youth to the UN Ocean Conference Youth and Innovation Forum, we created custom reusable tote bags for each attendee. We also participated in a water bottle giveaway in partnership with Ocean Bottle, with one reusable bottle preventing 1000 plastic bottles from entering the ocean. We know there is always more to do to support our planet, and we're excited to continue doing the work alongside these partners.
Learn more about 1Password here.
Samsara is in a unique position where we help our customers to be more efficient, safe, and sustainable by delivering actionable insights that improve their operations.
“Our customers keep the world running. Our solutions help them digitize their operations so that they can cut greenhouse gas emissions, reduce safety and security incidents, and make the world a better place.” - Sarah Patterson, CMO at Samsara
For example, a transportation solutions customer saw a 50% reduction in vehicle idling and a 2% increase in fuel efficiency—resulting in 150,000 gallons of fuel saved and over $500,000 in savings per year.
Learn more about Samsara here.
The biggest thing we’ve done is go 100% remote for those that want to, and we are currently downsizing our office space. Prior to going remote, we issued monthly green credits to those that used public transportation or biked/walked to work. When we had chefs, they used local farms and purveyors. We were also the first commercial customer of Lettuce Grow and had several hydroponic towers on site from we which we harvested our greens for lunch. Participation in community service and clean ups of our local water ways is also an important part of our charity work.
Learn more about uShip here.
“Our sustainability approach at Relativity is to provide our employees with the tools, resources and working groups they need to be more sustainable in both their work and personal lives. We focus on growing responsibly as a company in regards to sustainability metrics, our carbon footprint, and so on – but we also focus on educating and empowering our employees to make thoughtful decisions in their work and home life and become stewards of a sustainable future. We strongly believe that the impact of our sustainability program should be far reaching beyond our offices.”
— Amanda Fennell, Chief Security Officer and Chief Information Officer
Learn more about Relativity here.
SumOfUs is 20,425,844 people stopping big corporations from behaving badly.
On environmental justice & sustainability — we believe in safeguarding our communities and the planet from the impacts of climate change. We advocate for Indigenous land rights, the safety and wellbeing of climate refugees, reducing plastic waste and water pollution, and preventing habitat destruction
HERE are some of our current campaigns we’re very proud to share with you.
Learn more about SumOfUs here.
As a purpose-driven company committed to long-term value creation, ServiceNow has made Environmental, Social, Governance (ESG) a strategic imperative across our organization. With digital experiences that make work flow across the complex ESG landscape, ServiceNow is making progress and driving sustained impact for the planet. We’ve achieved 100% renewable electricity and carbon neutrality in business operations, travel and work from home. Additionally, we’re engaging in responsible procurement—33% of our suppliers by spend have set or committed to science-based targets.
Learn more about ServiceNow here.
Collective Insights — Community Connection at Collective Insights
At Collective Insights, our community is more than just something we are part of. You'll find us lending a hand or sharing a donation, but more than that, we're invested in making an impact! From the beginning, giving back to our city has been an integral part of Collective Insights' mission.
Chattahoochee River Keepers (CRK), one of our main community partners, has a mission of ensuring there is enough clean water in the Chattahoochee River now and for future generations. Collective Insights partners with CRK annually to serve alongside hundreds of volunteers to keep our community clean.
Watch to learn more about how we support our Atlanta community through short-term initiatives and long-term sustainable efforts.
Learn more about Collective Insights here.
Pax8 provides positive environmental impact by recycling, utilizing power management in all of our suites, auto shutdown of lighting and appliances. We use environmentally friendly kitchen utensils and supplies. Our environmental group organizes e-waste events for all of our hardware that has reached end of life, as well as several other events to help clean up the environment.
Learn more about Pax8 here.
As a leader in Environmental, Social, and Governance (ESG) reporting, sustainability is part of who we are at Workiva. To reduce our environmental impact and provide a way for our employees to safely dispose of electronics, we’re hosting a company-wide E-Waste drive in August. We’re also piloting a new initiative to power down our offices on select Fridays to measure the potential impact we can have in reducing our carbon footprint. By eliminating single-use plastics in all our offices, along with recycling in many of them, we’re doing our part to take care of the planet.
Learn more about Workiva here.
Light & Wonder — Every day is Earth Day at Light & Wonder!
As part of Light & Wonder's commitment to invest in our planet and serve as environmental stewards, hundreds of employees come together annually to support a local community cleanup as a partner in The Great Global Cleanup. Employees globally participate in the flagship volunteer program and worldwide campaign to remove millions of pieces of trash from neighborhoods, beaches, rivers, lakes, trails, and parks — reducing waste and plastic pollution, improving habitats, and preventing harm to wildlife and humans. Light & Wonder employees take action on Earth Day each year to participate and mobilize with millions of volunteers to keep our communities clean and healthy.
Light & Wonder also supports The Canopy Project, funding reforestation efforts worldwide that plant trees across vast ecosystems, with many species completely reliant on them for their survival. Reforestation is an effective method to fight against climate change while also maintaining the many benefits forests provide. Light & Wonder donated more than 7,500 trees in the last year alone and remains committed to supporting reforestation projects as an effective method to fight against climate change.
Back Market —
We're rebels with a cause.
Spurred into action by the megatons of e-waste (electronic waste) we produce each year thanks to our collective obsession with new tech, Back Market is challenging people to rethink their tech consumption.
Since 2014, through the sale of refurbished smartphones, Back Market has prevented:
- The emission of 580,144,582.08 kg of CO2
- The use of 1,878,480,190 kg of raw materials
- The consumption of 498,015,680,400 L of water
- The production of 1,274,162.93 kg of electronic waste
At McMaster-Carr, an e-commerce company with five US facilities, we are increasingly aware of the limits of natural resources. Although our operations are not particularly burdensome on the environment, we do our part to create a sustainable economy by focusing on reducing energy and emissions, leveraging recyclable materials, reducing waste and water use, and offering our customers products that support sustainability. Specifically, at McMaster-Carr we have reduced energy consumption and emissions by 15% and 25%, respectively, over a five-year period and continue to divert more than 90% of waste from landfills.
Northrop Grumman —
Northrop Grumman incorporates environmental sustainability into our business process and operations and prioritizes strong environmental management.
- We are committed to achieving net zero greenhouse gas (GHG) emissions in our operations by 2035. To do this, we will continue to emphasize efficiency, invest in low and zero carbon energy solutions and incentivize operations-related emissions reductions through the company’s non-financial metrics.
- Our company completed installation of our newest solar power-generating system at our Rolling Meadows, Illinois, site in 2021.
- Also in 2021, we adopted additional processes to help our employees remain safe amidst the pandemic, while continuing efforts to reduce our environmental footprint, and using our past performance to help shape future goals with sustainability at the forefront.
Chainalysis’s Ashley Vaughan on Why She Finds Cybersecurity So Meaningful, and How More Women Can Find Their Niche in the Industry
How much money do criminals control today, and where is it?
These are some of the many questions that Ashley Vaughan, Senior Solutions Architect at blockchain data platform Chainalysis, spends her days working to answer.
“You learn more about a situation or problem by following the money than from any other resource or piece of information,” she explains. “Money doesn't lie. People can lie in text messages or other means, but the path of the money leads you to what you're trying to accomplish.”
Though Ashley always knew she wanted to work with computers, she found her way into roles in cybersecurity, and then specifically blockchain security, through networking and exposure — not by setting out to do so.
We sat down to talk about her career journey, as well as what advice she has for other women looking to make their mark in these burgeoning fields.
Resilience and Curiosity
Ashley doesn’t often give up, and credits some of that attitude to an obsession with soccer as a kid.
“Playing sports makes you a more resilient person, I think. You learn failure and risk, which are very applicable to my job and my career path,” she says.
That resiliency was a good thing, notes Ashley, because as a young girl, she wasn’t always encouraged to pursue what she was most interested in: math and science. A teacher early on had told her that she wasn’t good at math, and Ashley believed that narrative until high school.
“We really shouldn’t put those ideas in children’s minds, because it affects them for much longer than you might think,” she says of the experience. “But I’m the kind of person that when someone tells me I can’t do something, it makes me want to do it even more, and do it better.”
Finding out in advanced high school math classes that she actually was good at math turned into choosing a computer engineering major when she got to college.
Graduating during a recession in 2010 meant Ashley didn’t have the job market of her dreams, but after working in IT, she networked her way into a role in the cybersecurity department of a prominent DC law firm.
“They were getting hit left and right from social engineering and phishing attempts,” says Ashley. “Due to the sensitive nature of the work they dealt with, I was exposed to the darker realities of the digital era, and I began to see a new side to the world—one of real significance to national security.”
Specializing in Cybersecurity — and Finding a Home in the Private Sector
Inspired by what she was working on at the law firm, Ashley pursued a master’s in cybersecurity with a focus on counterterrorism.
“I wanted to help protect our country,” she explains. “I have a lot of family members who are former military, so that was a natural step for me.”
That led to her taking a contract role specializing in offensive security at a government agency that frequently worked with Chainalysis. After working with Chainalysis folks onsite, she was sold and started pursuing a position with the company.
“I wanted to help make sense of blockchain data for a bigger purpose, like assisting in the continued threat of ransomware activity against American interests,” she explains.
Although she credits her public sector work with providing a solid foundation in blockchain security, the private sector turned out to be a better fit for her.
“What I love about Chainalysis is that my colleagues are really happy people, and I’ve always felt welcome and not scared to ask questions,” says Ashley. “In past jobs, where I was one of five women in a group of 150, I felt a lot of pressure. I didn’t ever want to make a mistake. I felt as if I had to be a chameleon to match the social environment of my male counterparts.”
Blockchains are all about democratizing data, and Ashley likes working with a team of people of all backgrounds to help support that mission. At Chainalysis, Ashley works with internal product and engineering to show customers how Chainalysis data can help them use complex blockchain solutions to solve data problems — and catch bad guys.
“Sometimes we’re following a bad actor who’s tied to child sex trafficking. Being part of a coordinated operation to put a stop to things like that is really fulfilling,” she says.
3 Tips for Women Who Want to Find Their Place in Cybersecurity
For a long time, reflects Ashley, she just wanted to come into work, do her job, and feel supported, without feeling like she didn’t fit in or was representing her entire gender. Fortunately, she found what she wanted — and she hopes other women will find that, too. They can start their search by:
- Knowing they’re not alone in having tough experiences. “Everyone has different definitions for how you’re supposed to act or supposed to handle your emotions as a woman at work, and it’s exhausting. It’s like, ‘This is just me.’ I can’t repeat enough how tiring that is,” she says.
- Prioritizing self-directed learning. Although Ashley completed a master’s in cybersecurity, she emphasizes that there are many other routes into the industry, including self-study. Whether you get involved in programs like Girls Who Code or do self-paced learning through platforms like Udemy or Coursera, the important thing is that you pursue independent learning about topics that interest you, she says.
- Creating and maintaining relationships. “Really talking to people is almost a lost art,” says Ashley. “Getting together with someone who has the same sort of mindset and leveraging their knowledge, and making sure you keep in touch with people who help further your career, is a good move. Most of the places I got to professionally were based on my human connections.”
Nowadays at Chainalysis, Ashley is no longer one of five women in the office, and is excited to start paying it forward so that more people with backgrounds like hers can pursue their own professional success.
“We tend to feel more comfortable talking to people who might have our same gender or educational background, and being open and vulnerable with them,” she says. “Being a visible role model is really important to me.”