Government & the defense industry focus on cybersecurity
Both the threats and the safeguarding approaches have changed with the
ever-increasing presence of the Internet
"Teamwork is a critical part of cybersecurity." – Monika Coflin, NRC
By Sue Marquette Poremba
Since our country was founded, security and defense of the nation's welfare have been priorities. Today, both the threat and the safeguarding approach have changed with the ever-increasing presence and importance of the Internet and its infrastructure. Throughout government and in the defense industry, the focus on better cybersecurity is growing.
Dianna Peterson, director of strategic workforce planning for the Boeing Company (Chicago, IL), notes that "Everything that connects to a network needs cybersecurity. Boeing produces some of the world's most advanced products and technologies, and we're looking for a variety of skills including cybersecurity, network communications, software engineering and systems engineering."
Part of the problem is finding enough techies who are trained in, or even interested in, cybersecurity and risk management. Colleges are just beginning to focus on this field of study.
But perhaps college is not the ideal starting point. Howard Schmidt, the White House cybersecurity czar, told a recent info management meeting that the time to reach out to potential cybersecurity experts is when they are still children. Schmidt stressed the need for stronger STEM education to make sure technically gifted children are getting the right tools to prepare them for IT and security careers.
Finding the best
Rear Admiral Robert Day of the U.S. Coast Guard (Washington, DC) agrees that the most important thing is to find the best cyber analysts, and the difficulty is finding people with the right skills. "You'd like people with a background in computer engineering, network management or IT," says Day. "People with those skills are in high demand."
He finds plenty of people who are good at the assurance aspect of cybersecurity, "But when it comes down to computer engineering, understanding the underlying piece of software coding, and how operating systems work and how to defend them, the skilled people are lacking."
Day has two solutions to that problem. He recommends that college students interested in the field do internships to gain experience, and he thinks that organizations need to create more entry-level positions in security. The Coast Guard is already doing that, he adds.
Captain John Felker, deputy commander of the U.S. Coast Guard Cyber Command, says other kinds of experience can also be valuable in the field. Felker began in cybersecurity when the director of Coast Guard intelligence took him on as an assistant in 2005; from there he went on to command the cryptologic group, gaining experience working with cyber issues, and moved into his current position last year.
"For my job it would be advantageous to have a deep background and understanding of technical aspects of cybersecurity, network routing systems and such," Felker says. "I don't have that background, but our concept is that cyber touches virtually everything we do from an operational perspective, and I do have a deep operational background.
"There are significant operational aspects of what we do in cyber that help the Coast Guard get its overall mission done."
The cyber command focuses on defense of Coast Guard networks; providing cyber aspects of intelligence to support the mission; and partnering with the Department of Homeland Security to understand how the maritime infrastructure is protected.
Monika Coflin of the NRC: "Teamwork is a critical part of cybersecurity."
Monika Coflin is a cybersecurity specialist with the U.S. Nuclear Regulatory Commission (NRC, Rockville, MD). She came to the NRC three years ago after some time with Science Applications International Corp (McLean, VA), a government contractor, and works in the NRC's office of nuclear security and incident response.
Coflin has a 1993 BSChE from the University of Virginia and a 1997 MSEnvE from Johns Hopkins University (Baltimore, MD). "An engineering degree shows you know how to analyze and solve problems in many different ways," she says. It's a skill that works very well in the cybersecurity field.
"My involvement with cybersecurity started because I was an engineer in the right place at the right time," Coflin explains. Around 1997 the field was taking off and her office had a contract with the Defense Information Systems Agency.
"Because of my educational background I was given the opportunity to learn on the job and the opportunities kept growing. I went back to school to get my graduate certificate and eventually the certified information systems security professional (CISSP) certification. The work was interesting and there was plenty of it, so I never looked back."
NRC's mission is to protect public health and safety, and in 2009 the agency issued a new cybersecurity regulation, 10 CFR 73.54, Protection of digital computer and communications systems and networks. The rule affected existing nuclear power reactor licensees and corporations applying for new reactor licenses, requiring them to submit a new cybersecurity plan and an implementation schedule for NRC approval.
Coflin is part of a division responsible for reviewing and approving the plans. "We also developed a regulatory guide that outlines an NRC-approved method for meeting the new rule," she notes. The guide includes recommended best practices from the International Society of Automation, IEEE and NIST and guidance from the Department of Homeland Security.
"Cybersecurity encompasses such a wide variety of topics," Coflin says. "The people that work in the field didn't necessarily start out in it. They could have backgrounds like me in engineering, or in areas like security, IT, CS, emergency planning, forensics or enforcement, but they can all bring different perspectives and skills for on-the-job problem solving. Teamwork is a critical part of cybersecurity."
Barbara Randa: cybersecurity engineering director with the MDA
Barbara Randa joined the Marines after high school and was on active duty for twenty-two years. Early in her service career she was sent to an internship program at the National Security Agency (NSA, Washington, DC) and earned college credits at the National Cryptologic School. "The NSA has a program that a service member can apply to, but only a few are chosen each year," she explains. She went into the Marine Corps' Cryptologic Systems security administrator program, equivalent to a CS degree.
In 2006 Randa retired from active duty and began working with the Missile Defense Agency (MDA, Washington, DC) as a contractor. She worked in IT systems first, then in the information assurance division. "We reorganized and it's now the cybersecurity engineering division," she says; she is a cybersecurity engineering director.
"We protect the ballistic missile defense weapon system, so we have oversight on how the systems engineering programs work," she explains. "We make sure the security portions of the applications and systems the engineers use are technically sound. We have to be compliant with NSA regulations to protect our systems from cyber attacks."
When she began working in the IT field she started at the bottom and worked her way up. "I did server management, I did helpdesk. There are a lot of things you normally do for IT. But when you move into the information assurance part of it, you need to understand policies better."
That's why Randa went for her information systems security professional certification. "The certification opens doors for you. If you have the foundations required to gain the certification you're qualified for more important jobs."
Moving into cybersecurity was really a natural progression for Randa. "All the systems I've worked on throughout my career have been part of a national security system. I think it is a great thing that I have the opportunity to help protect our nation's security!"
Julie Walker directs cyberspace ops with L-3 Stratis
As director of cyberspace operations at L-3 Stratis (Reston, VA), Julie Walker has two main responsibilities as leader of Stratis' San Antonio, TX operation.
"First, I oversee a portfolio of programs which are primarily cyber related; I work at all levels of a project. I try to help my program managers execute their programs to the highest standards, and I work with team members.
"In cyber we have programs to develop, test, maintain and assess software systems for various U.S. government customers. We also develop training protocols for several of our programs," she explains.
Her second responsibility is to help grow L-3's cybersecurity market. "As a company we get a significant amount of annual revenue in cybersecurity products and services, and we want to grow our business base."
There are many customer requirements, she notes. "Everyone wants faster, safer networks. Everyone wants their private online information kept secure and private. There's a huge need for training, whether it's basic cyber hygiene for the casual Internet user or highly technical training on specific hardware or software for network operators."
Walker grew up in a military family, so attending the Air Force Academy (Colorado Springs, CO) was a logical step. She developed an early interest in engineering, and received a BS in general engineering in 1987, then went to Harvard University (Cambridge, MA) to earn a 1992 master of liberal arts in extension studies with a concentration in government.
She served in the Air Force for twenty years as program manager and intelligence officer, and after her retirement in 2007 she went to work for L-3.
"Most of my program management experience in the Air Force was in software-intensive systems that supported collection and analysis of data," she says. Once analyzed, the data became "actionable" information, supporting decision-making in routine and/or crisis situations.
That was great experience for transitioning to work in cyber operations. "I was fortunate enough to be stationed at Lackland AFB, the USAF's center for cyber operations, from 2001 to 2005," she says. "Cyberspace was a relatively new domain and it was fascinating to participate in the process of defining the domain and its missions. There's still a lot of work to be done, but we're making progress."
One of the challenges in the job, she notes, is defining all the new issues faced in a cyber world. "For example, what is an act of cyberwar and what actions are illegal in that context? Nothing is clearly defined yet."
Jennifer Yopp is a research analyst with CNA
After she completed her BA in communications at North Carolina State University in 1997 Jennifer Yopp worked for a printed-circuit-board designer and manufacturer. She worked closely with EEs and MEs, and was impressed by the opportunities and flexibility they had, so she returned to North Carolina State for a 2003 BSEE and a 2004 MSEE.
Then she took a research position with CNA (Alexandria, VA), a company that applies its research and analysis to issues of national security, defense and public interest. "I had planned to go into semiconductors, but after I talked to CNA I was intrigued by the opportunity to support the Navy and Marine Corps as a civilian."
As a research analyst Yopp works on defense and national security issues. "Because the Navy and Marine Corps' issues are so unique, we have to take a creative and disciplined approach to the problems," she says. The skills needed for her job include the ability to work in a dynamic environment, learn about new areas quickly and take a structured approach to each new problem.
For two years Yopp was attached to the First Marine Expeditionary Force (Camp Pendleton, CA) and deployed twice with them to Iraq. "There was a dramatic increase in improvised explosive device (IED) attacks and troop casualties, and I was asked to help understand the causes of the casualties, what types of IEDs were doing the most damage, and the enemy's tactics for targeting Coalition forces."
She finds that being a woman in a male-dominated field isn't difficult. More challenging is that she is often the youngest person in the room. "It's critical to build credibility from the beginning. Once I prove that I understand the problems and can help solve them, it makes my work relationships more productive and effective."
The FBI's Audrey McNeill heads the "innocent images" child crime division
Audrey McNeill has served in law enforcement for more than twenty years. After she got her 1988 BA in sociology and anthropology from Carlow University (Pittsburgh, PA) she worked as a police officer for the Metro Police Department in Washington, DC. She joined the FBI (Baltimore, MD) in 1998, starting in Newark, NJ as a field agent.
She moved into violent crime and then to cybercrime, focusing on child sexual exploitation matters. She became a supervisor in the FBI's Innocent Images Unit, and was promoted to unit chief in 2009. Her unit is one of four that implement the Innocent Images National Initiative.
McNeill has two field squads and several analysts. "Our strategy is to pursue domestic and international groups that are exploiting children," she explains. "We also do a lot of foreign liaisons." McNeill oversees the Innocent Images international task force of ninety law enforcement officers from forty countries.
She went into cybercrime to learn new cyber and computer skills and expand her investigative expertise. The cutting-edge child-crime unit was a natural: "I thought it was so cool to do criminal work and cyber work together, and to help protect children."
Computer skills were necessary, of course, but McNeill points out that in cybersecurity other skills are equally important. "My interviewing and interrogation skills helped me develop a rapport with someone who was producing child pornography online, but I did have to develop skills like analyzing a computer registry, and understand the techniques that cyber-savvy criminals use to evade law enforcement online."
She didn't start out so cyber-oriented. "I was from the generation where you could go through college without really needing a computer. I never thought I'd be in law enforcement, and then the FBI, and then running a unit that depends on computers to do its work."
After years of working in the security field she still loves it. "You have to stay ahead of the bad guys, so you are always looking for the newest trends."
Alisha Kloc: at Boeing, the intersection of law and technology
Computer forensics is the CSI of the digital era, says Alisha Kloc, a systems security engineer at the Boeing Company site in Sunnyvale, CA. "It's what happens when data is lost and a security breach has occurred and you are trying to figure out if it was an accident or if it was malicious activity; and if it was intentional, identifying as many specifics of the breach as possible," Kloc explains.
Kloc is definitely in the new generation in her field. She completed her BS in computer forensics at the University of Advancing Technology (Tempe, AZ) in 2009.
What interests her about the field is the intersection of law and technology. "Right now there's a big disparity between where law is and where technology is, and the law is struggling to keep up," she says. "Forensics is one way to help the law catch up while making sure technology stays in the realm of the law.
"Cars run on computers," she notes. "Everybody has smart-phones and one or more computers at home. The ability to protect computers and the computer-related areas that people depend on appealed to me."
She wasn't always so interested in computers and technology. "I actually started working in a law office, and that's where I started to see this disparity," she explains. When she completed the computer forensics degree Kloc was hired by Boeing as a systems security engineer. She's part of a team that builds, tests, installs and maintains integrated security solutions for a government customer. "We have to understand the kinds of computer threats facing networks and find the best way to counteract those threats.
"You need to be able to communicate," she advises. "You can know all kinds of programming languages, but if you can't communicate your ideas it isn't going to help. We have to write documents so the people operating the system can understand them, as well as the people who built the system and the people selling the system."
Kloc loves cyber technology and works to pass along her enthusiasm and methods. She volunteers at the Western Regional Collegiate Cyber Defense Competition, and also provides information for her mother, a teacher, to share with her classes.
Diversity at Boeing
Joyce Tucker, Boeing VP of Global Diversity and employee rights, notes that the company is "working to tap into the diverse backgrounds and perspectives of our team, and to leverage their differences as strengths to create a competitive advantage for Boeing.
"That approach helps foster a diverse and inclusive workplace, where people can participate in decisions on how to advance both their own professional growth and our common business objectives."
Sejal Vira is an intelligence officer with the DIA
When Sejal Vira became a cyber analyst with the Defense Intelligence Agency (DIA, Washington, DC) she had the pleasure of knowing her work would make a difference in national defense. "It presented unique ideas and dynamic changes that were important for the threats our country faces," she says.
She didn't start her career in cybersecurity. After graduating from the University of Florida in 2002 with a BS in info sciences she began as a network engineer. "I was working on a DoD contract and had the opportunity to meet with other agencies," she notes. "I realized that at DIA I could apply my skills to provide direct intelligence analysis."
She joined DIA as an analyst responsible for understanding global Internet structure. She now oversees other analysts and applies methodology to support computer network operations. "We provide analytic support related to the U.S. Cyber Command's mission," she says. "It's been a busy year, but we're proud of our successes to date."
The biggest challenge, she believes, is the dynamic nature of cybersecurity. Adversaries are always coming up with new ways to attack, and it's Vira's job to understand how these attacks may happen, and defend her system.
"We're all learning this together, all the agencies working together," she says.
DIVERSITY-MINDED ORGANIZATIONS IN SECURITY & INTELL
Check websites for current listings.
|Company and location
|Boeing Company (Chicago, IL)
|Aerospace technologies and security and
|CNA Corporation (Alexandria, VA)
|Defense Intelligence Agency
(Washington, DC) www.dia.mil
|Department of Defense combat support
|Federal Bureau of Investigation
(Washington, DC) www.fbi.gov
|L-3 Stratis (Reston, VA)
|Science Applications International Corp
(SAIC, McLean, VA) www.saic.com
|Scientific, engineering and technology applications
|U.S. Coast Guard (Washington, DC)
|Military operations within Homeland Security
|U.S. Missile Defense Agency
(Washington, DC) www.mda.mil
|U.S. Nuclear Regulatory Commission
(Washington, DC) www.nrc.gov
|Nuclear operations and safety
Back to Top