Cybersecurity Woman of the Year – Elisa Costante

Promote this Nomination

Additional Info

Job title of nominated professional (or team name)Vice President of Research at Forescout Technologies Inc.
Company (where nominated professional or team is working)Forescout Technologies Inc.
Websitehttps://www.forescout.com/
Company size (employees)1,000 to 4,999
Headquarters RegionNorth America

In 3 bullets, summarize why this professional or team deserves recognition:

● Elisa has succeeded over the past 20 years in a male-dominated field as an expert, a woman and a mother, establishing herself as a prominent cybersecurity researcher by always dedicating herself to the task at hand. An industry evangelist, she has helped a wide variety of companies improve their critical infrastructure security and helped educate them on how to make smart investments in the overall security posture of their networks, all while also showing the importance of having diverse voices in the community.

● Elisa has always put a priority on what she calls applied research, meaning ways that research can be put into practice to better protect an organization from attack. As Elisa likes to say, her job and passion is to transform research into knowledge, and knowledge into code. Her unique skill set in both research and product innovation makes this possible. As Vice President of Research at Forescout Technologies, Elisa drives research on critical infrastructure, industrial systems and the extended Enterprise of Things and applies her learnings to the company’s technology. Through her research and product leadership, Elisa has helped Forescout’s more than 3,800 customers, and the world at large, to be better protected. She seizes opportunities such as speaking at conferences and contributing her insights to scientific publications in order to help as many people and companies as possible improve their own knowledge and implementation of cybersecurity.

● Over the last year, Elisa helped get the Project Memoria research initiative off the ground (while on maternity leave) and further proceeded to execute research on the largest security study to date dedicated to understanding the vulnerabilities within TCP/IP stacks used by millions of connected devices. The scale of this research is unprecedented and the implications of its findings are widespread— across numerous companies, industries, and the world.

Brief Overview

Elisa has built her entire career on uncovering emerging cybersecurity threats to the enterprise. Her early research included finding ways to use machine learning to measure data privacy and develop a monitoring solution to detect data leakage or misuse. Over the last year, she has turned her focus to researching the latest threats and vulnerabilities in connected enterprise devices. This has culminated in Forescout’s Project Memoria, an initiative that provided the community with the largest study on the security of TCP/IP stacks.

In 2020, Forescout Research Labs and JSOF Research discovered the Ripple20 vulnerabilities in a common TCP/IP stack. Following that endeavor, Forescout’s researchers hypothesized that similar vulnerabilities could exist in other TCP/IP software. Under Project Memoria, Elisa and her team analyzed 14 different TCP/IP stacks, uncovering 97 vulnerabilities that could impact 3 billion-plus devices around the globe. Project Memoria’s first disclosure occurred in December 2020 with AMNESIA:33 (33 vulns), followed by NUMBER:JACK (Feb. 2021, 9 vulns); NAME:WRECK (Apr. 2021, 9 vulns); INFRA:HALT (Aug. 2021, 14 vulns); and NUCLEUS:13 (Nov. 2021, 13 vulns). Elisa and the team now leverage their findings as a tool for broader education on the necessity of enacting improved procedures surrounding the development and security of essential connected devices.

Beyond research, Elisa is an advocate for women and a cybersecurity community educator. She has a gift for translating complicated cybersecurity research into terms any person can understand. Over the last year, that has meant speaking extensively about and educating the world on the vulnerabilities discovered throughout Project Memoria and contributing her insights to scientific publications. In doing this, she believes she can help companies improve their overall security posture, while also showing the importance of having diverse voices in the community.