Beware Melanie Coggan: Security Dragon
Melanie Coggan, a Tridium software engineer, is the founder of Tridium’s Security Dragon. During development of Niagara 4, Coggan added a feature—security manager—that prevents sensitive, security-critical code from being called. In creating documentation for security manager, she wrote it as a Choose-Your-Own-Adventure story that featured, yes, Security Dragon.
Security Dragon served to guide readers along the documentation, “eating” users who chose the wrong option, says Coggan. The documentation earned her a stuffed dragon and hand-carved “Beware of Security Dragon!” wooden plaque for her desk.
Most new engineers at Tridium are given the task of developing a driver to learn the complex interconnectivity of the Niagara Framework®. There wasn’t a driver available when Coggan joined in 2012, so she fixed a few small defects, and when a larger project emerged—integration of the Kerberos protocol into Niagara’s authentication system—it was Coggan who was tapped for the team. Over time, that led her to more and more security work.
Her proudest Tridium achievement to date is stripping out the old authentication system from Niagara AX and replacing it with a new pluggable and extensible system for Niagara 4.
“In the new system, users can create a whole new authentication scheme, and third-party developers can create new schemes, too (such as two-factor authentication),” she says. “We built an authentication system to support whatever the client needs.”
Security has always been of utmost importance to Tridium, and it definitely shows in Niagara 4. Today, the framework is secure by default, with a defense-in-depth-approach, encryption of both in-motion and at-rest data, and Role-Based Access Control (RBAC). In addition to Coggan, the Tridium security team is rounded out by Bill Smith, a company veteran “who understands how security works more than any of us,” Coggan says. There’s also government cyber-security expert Kevin Smith, the newest member of the team and one of the Faces of Niagara. “Being in secretive levels of government, he’s seen things he can’t talk about,” Coggan says, “but he knows how to secure those things, and that was a huge asset for us from a security standpoint.”
Part of that project included threat modeling to understand how entry points, such as the new authentication system, could be attacked. “It’s about putting yourself in the position of thinking like a hacker: ‘How would I try to break into this and what are our assets, what are we trying to protect?’” she explains.
Computers were ingrained in Coggan from a young age.
“One of my very earliest memories is sitting on my dad’s lap, and he was showing me a video game. It probably had like eight colors, but it’s a really good memory,” she says. “Computers have just been a part of my life for a really long time.”
The 32-year-old grew up in Quebec, where, once graduating high school, many students enter CEGEP, a two-year vocational school prior to moving into a four-year university. Due to confusion in the four-letter naming of the course, she thought she’d signed up for a German class, but it turned out to be computer programming. “It wasn’t what I had signed up for, but I really loved it,” she says. She was intimidated at first; others in the class had clearly been coding for longer, and the amount of information was overwhelming. But she pushed through.
“And it made me realize that computer science was what I wanted to do.”
She graduated from McGill University in 2008 with a master’s degree in computer science and worked for about a year at a video game company in Canada building AI characters in games.
She started at Tridium in 2012, and estimates that it took an entire year before she grasped Niagara’s code. “After a couple years, you get a good sense of how everything in the framework is connected, or at the very least how it’s likely to be connected, and if you need to make a change, you know who you need to go ask before you accidentally break something,” she says. “I’m still getting more and more comfortable every day, but there’s always something new to learn.”
A woman in a male-dominated field
If there is sexism, discrimination or special treatment to being a woman in a male-dominated field like computer engineering, Coggan hasn’t witnessed it. “The most I ever saw was maybe in school when people were surprised that, as a woman, I was doing well at computer science,” she says. “But that was about it.”
She does have advice to women aspiring to become engineers: Do not be afraid.
Particularly at first, sitting in a classroom filled with men who seem to be farther down the coding path.
“If it’s something that you’re interested in, don’t stop yourself just because you think you can’t do it,” she says. “Just like anything, you’re going to start from the baseline, and you might find out that you’re no good at it, or you might find out that you’re okay at it, or you might find out that you’re great at it. But you can never know until you try, so it’s a worth a shot.”
A WOOD ROUTER ON STEROIDS
That wooden “Beware the Security Dragon!” plaque that sits on Melanie Coggan’s desk was carved by a fellow software engineer. But he didn’t just use any wood router; this is Tridium after all, and the teams have a reputation for rigging up devices with the company’s technology. His router? Controlled by a JACE®.