Female experts in cybersecurity shared their advice and experiences working in the public and private sectors in a panel Wednesday.
The experts discussed the cybersecurity industry’s intersection with technology, recent threats to cybersecurity and measures taken to mitigate them in the field. Anna Agnes, the co-chair of the Security Policy Studies Program Student Board, and Ethan Trucker, an SPS Student Board member, moderated the event, which was sponsored by the board.
Cheri Caddy, a senior advisor for cybersecurity at the U.S. Department of Energy, said she remembered growing up with a family who worked in the engineering field and writing code “for fun.”
Caddy said one of her mentors hired her because of her background in software and website development, believing the cybersecurity industry needed people that can “translate” between technology and policy. She said the demands for cross-sector experience, known as “cyber-and,” continue to grow.
“We will always have the need for computer scientists, purely technical folks that really stay in the technical realm, but I think the bigger, more growing need, is the need for ‘cyber-and,’” Caddy said.
Sayako Quinlan – a digital forensics consultant at CrowdStrike, a cybersecurity technology company – said while industry leaders expect employees to be open to more technical concepts in cybersecurity, it doesn’t mean that computer science knowledge is required for a job in the field.
“Everyone thinks cybersecurity – ‘Oh you need to know how to code,’” she said. “You do not need to know how to code.”
Rhea Siers, the former deputy assistant director for policy at the National Security Agency and a professor of international affairs at the Elliott School, said the required risk assessment skills between security policy experts and financial analysts contain their own similarities.
“A number of my students have gone into the banking sector on my recommendation because I think they have developed the critical thinking and other skills at Elliott that they can use as risk analysts in the financial sector,” Siers said.
Siers said private citizens need to take an active role in monitoring their data security. Citizens should remain “insistent” on learning about basic personal data protection and seek out institutional change, she said.
“As a consumer, you need to insist on the basics and you need to insist on data breach legislation that protects you,” Siers said.
Michele Markoff, the deputy coordinator for cyber issues in the Office of the Coordinator for Cyber Affairs at the U.S. Department of State, said her work has focused on cyber threats and modern weapons of mass destruction.
She said her work designing security policies specific to cyberwarfare as a cyber-diplomatist was initially challenging because national leaders didn’t identify cybersecurity as vital to international security until the Human Rights Act of 1998. Markoff said the defense community “woke up” to the threat of digital connections – virtual networking that links a user’s professional and personal contacts – after the act’s passage.
“The analysis that shapes what it is we do is designed to reduce the prospect of conflict, ensure the possibility of communication between nations, getting like-minded states and partners to act together to attribute bad behavior to malicious actors, to stand up and impose costs on bad actors,” she said.