Rewarding Relationships in the ISDR Program

While there are many exciting aspects of being in the inaugural class of ISDRs at UPMC, I believe one of my favorites has been the strong bond that I have formed with my fellow ISDRs and with ISDR leadership.

Currently, there are six ISDRs in the program. Since our group is so small, we have been able to really get to know each other throughout this past year. Even though we don’t all work together in the same building, we still get to see each other on a pretty regular basis through ISDR service and social events and at our monthly ISDR meetings. One of my favorite social events was going ice-skating at Schenley Park. It was so much fun to see everyone outside of the normal office environment and all bundled up!

Shireen FirouzanI really feel like the ISDRs are not only my coworkers, but also my friends. I have been able to reach out to ISDRs on multiple occasions for feedback on work projects and even for personal advice. Even at our last Report-Out Presentation, it felt like we were all genuinely rooting for each other to do well. The Report-Out Presentation can be intimidating and nerve-wracking, but knowing that my fellow ISDRs were going through the same emotions as me and also cheering me on made it less daunting. And once it was all over, it was so much fun to come together as a group to celebrate our successes.

In addition to the ISDRs, the ISDR leadership is also one of the best parts of the ISDR program. Since day one, ISDR leadership has been there for us. One of the most exciting aspects of the ISDR program is that we are currently the first and only class of ISDRs. This has given us the ability to work hand in hand with ISDR leadership to mold the program into the best that it can be. It is also comforting to know that we have such a great support system in place, as I have met personally with ISDR leadership on numerous occasions to talk about my personal and career development in addition to my progress in my rotations.

Overall, the ISDR Program has been a wonderful experience in many different ways. Being able to move through the program with such a solid group of people has definitely made the experience that much more enjoyable. I can’t wait to meet the next group of ISDRs now!


By Shireen Firouzan, Systems Analyst – ISDR

Leave a comment

Filed under ISDR, Uncategorized

PGP, Heartbleed, and Everything Else In Between

Alex SherbuckPrior to working at UPMC, I had used Pretty Good Privacy (PGP)/Public Key Cryptography tools. However, throughout all my coursework and previous IT jobs I was never required to learn about PGP. It wasn’t until using it every day at UPMC that I discovered how much there is to this technology. It’s used for signing digital files, encrypting & decrypting data, file directories, or entire hard disks, for secure email communications, etc., and chances are you’ve used it countless times today and never even noticed.

PGP isn’t a device or software, although you need software to do it and almost all devices employ it. That’s not a riddle. Public Key Cryptography is just math. Such sophisticated mathematics that if you were to try and perform the calculations yourself with a pen and paper you would probably never finish a problem in your lifetime. That’s why you need software to do it. It’s so ubiquitous because, well, it solves some very difficult problems; also it’s free, and extraordinarily secure. I’d like to share my understanding of PGP in a way that leaves out the scary math functions and Greek symbols.

What’s your definition of a big number? Is it a trillion? Is it a trillion trillions? Go bigger. PGP is just math with two goals. The first is creating really, really big numbers. We call the first numbers private keys. The second goal is creating more really, really big numbers that are linked to the first – using a second algorithm. We call the second numbers public keys. I’ll explain these names and purposes as we go on, first it’s important to know what they are and how they are created.

If you pressed a button on your computer and generated a new PGP private key you would have a pretty good assurance that you are the only person, ever, in the history (or future) of the universe to know that number. As long as you keep that number private, you can rely on the mathematics for security. The math algorithm is so sufficiently random and the numbers so large that you could keep pressing that button all day, every day and never in your lifetime see a duplicate. In fact, every person on Earth could do the same thing, pooling our outputs, and none of the results would ever be the same.

Current theories on the absolute minimum energy cost to store 1 bit of data support the statement that there just isn’t enough energy in the universe to compute every possible private key. That means if every human being, computer, alien life form, and even if we could somehow bend all the energy in the universe to work together computing these numbers we would reach the end of the universe’s lifespan before completion. To quote the bard, Keanu Reeves, “Whoa.”

By themselves, these numbers are functionally worthless. Sorry, big build up for a huge let down, right? It’s cool to think about the theory but how do you apply these things and give them a use? The magic really happens with the second numbers, the public keys.

So we have our universe and it has been dissected into an incredibly large number of parts. We’ve turned the universe in to a giant graph. We could even appoint a theoretical center with an X, Y, and Z axis and start assigning values. If we wanted, we could draw a giant curve through the universe. Just like drawing a curved line on a Cartesian plane in geometry class. This is what PGP, effectively, does.

 This is far from y=mx+b (which was as far as younger me wanted to go with math) but it is the same idea. Algebra teaches us that if the properties of a line are known you can predict the other points that fall on that line. The same is true for a PGP elliptic curve. The private key is used to generate this curved line. As long as the same key is used the same line is created each time. Points can be picked on this curved line and they will be linked to your private key because only your private key can generate this line. These points are just numbers and they become the public keys.

As long as a private key is secure no one can predict any possible points of its elliptic curve. This is why we call the first number a private key. It must be kept a secret. We use the second numbers, the public keys, to do the data encryption that secures websites, email, and all those great things from way back at the first paragraph. Public keys can be given out freely. If someone were to try and use it to identify your private key they would still have to check it against the PGP curves of every private key in the universe. That’s just impossible. Private keys can also be used to encrypt data that only public keys can decrypt. This provides you a guarantee that if you can decrypt data with a public key it is from the key holder.

If you are connecting to a website and want a secure connection you likely had to download a security certificate. There are many standards but you are likely storing one of the public keys for the web server’s private key in that certificate. When your browser connects to the secure site it will send traffic that is encrypted using the public key. That data can only be decrypted by the person or software that has access to the private key to which it is now linked. Yes, I am saying that if your encrypted banking traffic were to be scanned, sniffed or otherwise copied while transferred over the wire even an alien race thousands of years more advanced than ours probably couldn’t see a bit of useful data, let alone an account balance.

Though the math has been peer reviewed for decades and is considered sound PGP has a major weakness – humans. We are excellent when it comes to physical security; bank vaults, locks on doors, bars on windows, etc. We’ve been doing those things for so long. Digital security is still new. Although the mathematics of PGP is sound the way it is deployed or used by software can leave you vulnerable.

Recently, with respect to the time of this writing, the Heartbleed Bug has affected an insurmountable number of systems, devices and enterprises. This was not a bug In PGP. This was a bug in software that used PGP. Popular opensource software, OpenSSL, was exposing portions of client memory on systems where it was running. For affected clients, this meant the private keys that were in use were compromised. Eavesdroppers, whether they are aliens with technology beyond our understanding or a neophyte hacker snooping on your network traffic from their parents’ basement, could view keys private keys stored in memory. Once someone has your private key your security is gone. OpenSSL is used in home computers, websites, printers, cell phones, firewalls, operating systems and an unquantifiable number of software.

Pretty Good Privacy/Public Key Cryptography is far from flying cars and hover boards, but it is still pretty good sci-fi. Though reading its white papers or technical articles makes it easy to fall asleep, new technologies built with or upon PGP are astounding. Among these projects are anonymous proof of identity systems, decentralized peer-to-peer network based agreements, and, my favorite, autonomous corporations. There is too much to say about all these systems to cover them here. However, as PGP is concerned the cliché “When you’ve done something right no one will think you’ve done anything at all” applies. (Unless something breaks, thanks Heartbleed).

By Alex Sherbuck, Systems Analyst – ISDR

Leave a comment

Filed under ISDR

ISDR Class of 2015: Paving the Way

Caleb MullerWhen I first applied to the ISDR Program, I had no idea that it would be the first year of the program. I was expecting there to be a great deal of structure and requirements, but what I found was more the opposite. While there was still some structure, the first ISDRs were given the freedom to pave the way, to make the program into whatever we wanted it to be.

The program is a unique opportunity that few get the chance to experience. After learning the ropes, we hit the ground running. Before our first monthly meeting, we had already spontaneously decided that our first Day of Caring would be to refurbish old Macintosh computers at Goodwill in Pittsburgh. Since then, we have developed a Wiki to document our rotations, hosted numerous service events, planned a large fundraiser for the end of the summer, and been involved in recruitment and interviews of Summer Associates and the next class of ISDRs.

Personally, this has been an empowering experience. I’m not sure where my drive comes from – whether it’s from being a competitive runner or that I’ve been highly ambitious since I was a child – but I thrive on being challenged. I excel when I am thrown out of my comfort zone. Being a part of the first class of ISDRs created this experience for me. I am constantly challenged in my rotation, through organizing events mostly from scratch, and in presenting my work to senior leadership, just to name a few areas. It is sometimes a little nerve-racking not knowing where the program is going to go and where it will take me, but it keeps me on my toes and that’s a great thing.

Although the ISDR Class of 2015 will be the only “first class”, the nature of the program allows for growth and change to continually make it better and more fulfilling. There is no set-in-stone picture for how the two years and four rotations will go. So, if you are one of the lucky ones who are accepted into the ISDR program, don’t think you have missed out on the chance to pave your own way!


By Caleb Muller, Systems Analyst – ISDR

Leave a comment

Filed under ISDR

Work Environment: An Important Piece of the ISDR Puzzle

The ISDR program is great in that it provides us the opportunity to not only explore different areas of IT at UPMC, but it also exposes us to different work environments and work cultures.Whitney Soldo

I’ve had a lot of jobs over the years: babysitting, tutoring, retail, random on-campus jobs at college, internships, and now 2 out of 4 rotations in this program. I’ve worked in an array of settings with a range of employers, and with a diverse pool of team members and managers. However, until this point, I haven’t really had the chance to reflect on my ideal work environment and culture. To figure this out, I think it’s important to consider what has or has not worked for me in the past and what environment will be conducive to developing my skill set, networking, and furthering my overall career development.

While I could have some pretty high-maintenance, temporal demands like needing an all-paid yoga studio in the building, and a window view so that my plants have a chance of surviving (although I wouldn’t complain if those were available), I’ll be reasonable –

My ideal work environment is being surrounded by people I get along with, having people to eat lunch with, and one where everyone around me is supportive, helpful, open-minded, respectful, and not afraid of change.

We spend roughly 34% of our waking hours at work. That’s a LOT of our time! It is important that we find a work environment that provides us with what we need and expect, and ultimately is a good fit for us. For those of us just entering the corporate world full time, we have great ideas, we have energy, we are willing to learn and work (and work hard), we want to contribute, and we want to find something we love doing that we can help with. We want to be full speed ahead, but that may not be the environment we are walking into, so there may be an adjustment period of adapting and finding common ground, learning and mistake-making. In our deep dive with Tami Minnier, she said that “to be successful you cannot only be competent, you have to be confident.”  I know there will be people and places that make me question my confidence, but I also know that I have worked in great places with great people that through challenging work have fostered healthy environments and as a bi-product promote confidence. 

When considering future rotations and positions following the ISDR program, I will definitely be asking questions (and I would encourage everyone reading this to do the same!) to make sure I’m not only focused on content of work, but also work environment, and how I will fit in and contribute, because I believe work environment plays a huge role in productivity and functionality.

(But flexible work hours, a yoga studio, and other amenities at all of my rotations may help my morale, too!)

By Whitney Soldo, Systems Analyst – ISDR

Leave a comment

Filed under ISDR

A Shift in Thinking: How the ISDR Program Shaped My Career Goals

The two rotations that I have experienced so far at UPMC have changed my perception of career goals.  Going into college, I knew what I wanted to study.  I knew for years that computer science was the road ahead of me.  Upon graduation, I had the same belief that software engineering would be my career path.  I decided that doing a rotation program would be a unique opportunity that I could greatly benefit from, and one that I would not have a chance to experience later in my career.  However, what I was really looking forward to was being in a software engineering role. KellyPhotoWhat I have experienced so far in the program has challenged the former clarity I once had about my career.  Working for such a complex organization like UPMC’s Information Services Division exposes you to so many moving parts.  There are a several different groups that I have encountered throughout my rotations of which I can envision myself being a member.  This has really led me to considering other possibilities for my career in the future.  I love software engineering, and still plan on doing so at some point in the future, but who knows?  This uncertainty used to scare me, however, with the insight I have gained through this program, I now find it exciting. The opportunities at UPMC are abundant, and with my experience from the ISDR program, I am well equipped for whichever one comes my way.  At the very least, I now have a much deeper appreciation for the other areas of ISD, and a sincere interest in experiencing different roles.

By Ryan Kelly, Systems Analyst – ISDR

Leave a comment

Filed under ISDR

Lessons Learned as an ISDR

1. It’s harder than you would expect to coordinate with others. Coordinating with others while in college is fairly straightforward: “Hey do you want to grab coffee and work on our project after class?” – “Sure, that would be great!” Most of the time, this method is effective. Transitioning into a professional environment, the situation becomes similar to: “Hey do you want to grab coffee and discuss our ideas for our upcoming meeting?” – “Sure, I’m busy this afternoon and  tomorrow morning, and you are booked tomorrow… it looks like we both have a free half hour on Thursday so we can meet then!” Everyone has a busy schedule and trying to find time can sometimes be very difficult. This is increasingly difficult when trying to plan meetings with larger groups.

2. Public speaking is not as scary as it seems. When I started the ISDR program, I hated the idea of speaking in front of people. It was not something I felt I was particularly good at, or had much experience with. I was afraid of people asking questions and not being able to answer them. Luckily, I found out that speaking about your own accomplishments is far easier than giving a presentation that you had to research information for. Because you did all of the work, and understand the information you are presenting, the speaking aspect is not nearly as scary. Realizing that ‘I did this’, made the experience less nerve-wracking and has been easier ever since.

3. Excel is your friend… and your enemy. If you think you will not use Excel in your career (like I did), you are mistaken. Whether you are working on a budget, or using it to keep information together, you will use it. Excel is a powerful tool. Having an understanding of Excel is one thing, but being an Excel wizard is an entirely different story. Pivot tables can be your best friend, putting together complex formulas from multiple spreadsheets can be your worst nightmare. I have a love/hate relationship with Excel, and it’s very likely to stay that way.

4. There is way more to corporate IT than what I originally expected.
There are many different groups throughout ISD that work together to run the business. Learning how these groups work together takes some time figure out. Who is in charge of what? Who needs to approve this before it can be moved forward? The amount of areas can be intimidating, but they become easier to understand as time goes by.There are many different groups throughout ISD that work together to run the
business. Learning how these groups work together takes some time figure out. Who is in charge of what? Who needs to approve this before it can be moved forward? The amount of areas can be intimidating, but they become easier to understand as time goes by.

Antonio Greco Image 25. Network, Network, Network. Networking is very important,
especially when moving from one rotation to the next. Your client in one rotation could be could be your team in the next. Networking is also beneficial when you are looking for more information. If you know someone in a particular area, you can feel comfortable reaching out to them for advice or to point you in the right direction. It’s also good to build relationships with everyone you meet, because you never know where you might end up when the two years are over.

By Antonio Greco, Systems Analyst – ISDR

Leave a comment

Filed under ISDR

Life in the Cave

Gone are the days of interns fetching coffee, filing papers and stapling for hours.  As any Summer Associate knows, internships at companies like UPMC are coveted positions of which we prepare ourselves for up to a year in advance by seeking out the most desirable programs, stalking HR representatives and rewriting our resumes to the point of perfection. Most of my expectations were met as I look back on the program: involvement in big and important projects, corporate events, dress codes, networking events and more.

Anne MerrickHowever, one aspect I never saw coming was sitting in a square formation with 11 strangers staring at one another into a medium sized conference room with no windows.  Fondly labeled as “The Cave” or “the S.A.C.,” (Summer Associates Cave), we Marketing/Communications Summer Associates quickly got to know each other very, very well.  It would be misleading to say that this was not a challenging arrangement for everyone, but it was a situation that was clearly an invaluable preparation for any professional working environment.

For some reason, people in the office seem to have the impression that The Cave is a quiet place.  This is likely due to our innate ability to stop mid argument or laughing fit, whenever anyone other than a Summer Associate walks in.  Little do they know, they probably missed by seconds a heated argument about the Royal baby, a flying stress-ball or everyone reduced to tears of laughter from our witty dialogue.  I’m not exaggerating when I say, we all know everything about each other.  We should probably make a pact, in case anyone ever wants to run for office someday.

The Cave is our war room.  It’s a place of solidarity and teamwork, where we celebrate each other’s wins and challenge each other’s losses.  And it’s not like we all love each other, but the atmosphere became one where we couldn’t help but be there for each other.  Everything took place against a backdrop of ambition, perfectionism, and dedication.

The Cave experience was invaluable.  It was full of those intangible lessons that at the time are annoying and frustrating but in retrospect were the highlight of the summer.  There probably isn’t a single work experience we couldn’t handle.  In a lot of ways we were legitimately like puppies.  We honestly had to watch our group sugar consumption so we didn’t get too wound up, and we poked and prodded at one another to no end.  We learned to love it, we got sick of it and each other, but ultimately we were made better for it.  And while The Cave helped us in a larger, professional sense, it truly fostered lifelong friendships.  My fellow Cave-mates inspire, motivate, infuriate and comfort me and I will miss them all very much.  So here’s to the cave life!

By Anne Merrick, Summer Associate

1 Comment

Filed under Marketing, Summer Associates