Cybersecurity month speaker will talk about good security practices you may actually use

She recently ran a hurricane tabletop exercise with her grandparents who live in North Carolina, she met her fiancé over an argument about password managers, and she’s currently doing exercises in risk management and threat modeling to enable desired happy outcomes for her wedding.

Jessy Irwin, head of security at Tendermint, lives and breathes security and security practices. She knows it’s a little nerdy and can be an exhausting way to operate for some, but what can she say? She’s the “security empress,” a title she took when she worked at the password manager company 1Password.

Irwin, an expert in both cybersecurity and security protocol translation, will give her talk, “Communications + Code: Building Cybersecurity Strategies for Humans and Machines,” at 5:30 p.m. on Oct. 11 in Fowler Hall as part of National Cybersecurity Awareness Month. The event is free, open to the public and no registration is required. Doors will open at 5 p.m.

Her grandparents didn’t have to use their hurricane emergency training, but Irwin says it’s one of those things you never know you need it until you need it.

“It was funny to take something I’ve been practicing with my team professionally and use it to work with my grandparents,” Irwin says. “It’s hard to specifically remember the actions when they’re stressed and highly emotional – we talked about why you have to know what to do in advance.”

Irwin is a pioneer in her field. She deeply believes in good security practices, but especially focused on users, which is a rarity among cybersecurity experts, who usually focus on a technical solution. She takes a “human-centric” approach to her job, because what comes after technology is people, always people.

“Most people get really worried about code being vulnerable, but if your code is too good and too hardened and too expensive to attack, they’re just going to after the humans,” Irwin says. “We’re always working to harden our people.”

Her security-by-empathy skills were jumpstarted in her previous role at 1Password, where she received her famous title. Irwin says her role there had her working with both the marketing and security teams, so she could clearly see the intersection of how to “sell” people on security ideas.

“Even now, it is still very much my job to weigh in on everything from how we manage assets to how we’re securing our code,” Irwin says. “It’s never a regular day.”

If Irwin had to leave the audience with one practice to start their cybersecurity journey, it’d be her take on two-factor authentication, aka “two-raptor” authentication.

“When you have something as important as a university account – academic record, class schedule, probably your address – make sure you’re accessing it in the most secure safe way possible,” Irwin says. “Using two-factor authentication is like the difference between having one lock on your door versus a lock and chain.”

For more information about National Cybersecurity Awareness Month and ITaP events, visit ITaP’s Facebook page at www.facebook.com/purdueit or find ITaP on Twitter at www.twitter.com/purdueit.

To sign up for BoilerKey, Purdue’s version of two-factor authentication, before the Oct. 30 deadline, visit www.purdue.edu/boilerkey.

Writer: Kirsten Gibson, technology writer, Information Technology at Purdue, 765-494-8190, gibson33@purdue.edu

Last updated: September 28, 2018