For companies trying to scale security processes, automating security tasks isn’t the only way to go. A diverse cybersecurity team with a wide variety of skills should also be a priority, according to Aanchal Gupta, director of security at Facebook.
In part two of this three-part Q&A, Gupta highlights the measures that Facebook has adopted to build a diverse cybersecurity team consisting of “builders, breakers and defenders” that keep the platform secure for users. Gupta also discusses the security measures that Facebook has adopted in the wake of the Cambridge Analytica data scandal.
Editor’s note: The following transcript has been edited for clarity and length.
What is Facebook doing to build a diverse cybersecurity team?
Aanchal Gupta: We engage with people at different phases so that we can build a diverse cybersecurity team. We are working very closely with CodePath, and we have built our online security course. We launched this as a credit course for several schools. That way grads and undergrads can take this course and they can get more exposure to cybersecurity. If they get exposed to it, it is highly likely that they would want to pursue a career in cybersecurity. We attract talent that way.
We also partner with organizations like GenCyber. They work with kids who are in middle school or high school and they get to play capture the flag. It’s a fun way to introduce them to cybersecurity. If we expose upcoming generations to the unique challenges they can solve in the cybersecurity space, they will be keen to pick a career in this space.
On the global front, we also host hackathons and capture-the-flag events in different countries because diversity also means people with different backgrounds.
As the director of security at Facebook, what is on the top of your agenda right now?
Gupta: Obviously, having more than 2 billion users on our platform and keeping them secure on our platform is top of our mind at all times, and it’s challenging. We hire builders, breakers and defenders and this also connects back to the diversity part of it. If we just hired builders or just hired defenders, it wouldn’t be a very strong team.
Builders are the people who are building security frameworks. They are building security tools, processes. When I talked about our two-factor authentication or login alerts or Pyre, those are the things that these builders are building.
Then we have breakers; these are the people who are testing and auditing our security systems and processes and they are making sure that we are resilient to any attacks.
And we have defenders. These are the people who are detecting and responding to security events and incidents. When we have people playing in these three different roles, I feel there is excellent coverage and we are able to meet up with the challenges that are demanded of our roles.
Given the recent data privacy issue that Facebook had, what steps is Facebook taking to improve the future of security?
Gupta: There are a lot of things we are doing to help our users be more secure on our platform. We are definitely closely reviewing our API access and we are making sure that for any API access that hasn’t been used for three months, we just remove that access and the user has to grant that access again. We are helping our users to be more security and privacy savvy this way. We also have a privacy wizard that we are walking them through, so they can review the privacy settings on their account.
Stay tuned for the final part of this Q&A, where Gupta talks about how Facebook is implementing machine learning in security.