CyberWire Daily - Andrea Little Limbago: Look at the intersection of the of humans and technology. [Social Science] [Career Notes]
Episode Date: December 13, 2020Computational Social Scientist Andrea Little Limbago shares her journey as a social scientist in cybersecurity. Andrea laments that she wishes she'd known there is no straight line between what you th...ink you want to do and then where you end up going. Beginning her career in international relations and courted by the Department of Defense's Joint Warfare Analysis Center while teaching at New York University, Andrea began her work in cybersecurity. Her team was one of the first to start thinking about the intersection of cybersecurity and geopolitics and quantitative modeling. Andrea reminds us there are many paths and skills needed in cybersecurity and hopes she opened some doors for others. We thank Andrea for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. walls and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware
attacks and a $75 million record payout in 2024. These traditional security tools expand your
attack surface with public-facing IPs that are exploited by bad actors more easily than ever
with AI tools. It's time to rethink your security. Zscaler Zero Trust plus AI stops attackers
by hiding your attack surface, making apps and IPs invisible, eliminating lateral movement,
connecting users only to specific apps, not the entire network, continuously verifying every
request based on identity and context, simplifying security management with AI-powered automation, Thank you. Learn more at zscaler.com slash security.
My name is Andrea Little-Limbago.
I am a computational social scientist.
What I wish I had known is that there is no straight line between what you think you want to do and then where you end up going.
Mine was very circuitous. And so, you know, I started off, you know, undergrad was a romance language and government major. So I really, again, getting back to my love of
international relations, you know, I started there and then took about a year off,
worked in Breckenridge, Colorado as a waitress, and you prepared for grad school.
I was a waitress and you prepared for grad school.
And then in grad school, it was a political science new focus on international relations and methodology as my core components.
And by methodology, that basically means modeling in a quantitative way. How do you model everything from your regime type democracies to authoritarian regimes to what you know the relationship between military personnel and foreign direct
investment. After grad school when I got my degree I taught briefly at New York
University and then the Department of Defense reached out to me at a
conference and I chatted with them and I ended up going to work at the Joint
Warfare Analysis Center which is in Dahlgren, Virginia, and ended up leading a team there of computational
social scientists working on a broad range of factors. A lot of it was counterterrorism,
but that's actually where I started getting into more of the cybersecurity angle. But we were one
of the first teams to really start thinking about that intersection of cybersecurity and geopolitics and quantitative modeling.
An important thing that it taught me working there was, you know, in academia you have not an endless amount of time, but you have a lot of time to thoroughly do your research,
to double check your data, to do everything. You go work in the Department of Defense and
it's everything from, you know, we need an answer in the next hour to, you know,
you need a couple days to a couple of weeks.
And so the time horizons really vary.
And it initially is very, very uncomfortable to provide some sort of answer within an hour because you haven't been able to check all the data.
There's always going to be all these assumptions.
But you have to learn how to take what you know, provide the assumptions that are there and still give you your best input that you can.
assumptions that are there and still give you your best input that you can.
And being able to turn that quickly and make sure that also it's relevant to a higher audience as well, to more of an executive level audience, it's actually a really tough skill.
Being able to do research that is operationally relevant is extremely rewarding.
I work on the geopolitics of cybersecurity, so I look at how technologies and security
interact with what's going on in global events.
What I love is doing research and helping support areas that I believe fundamentally
are linked to our own national security and national security is linked to the preservation
of democracy. That to me is just amazing. And it's, you know, it's areas that I love and it's in an area that
I think is one of the most important missions of our time right now. And with democracy on the
decline around the globe, there's, you know, we need more and more people looking at ways to help
preserve democracy within this digital era that we find ourselves in now, because there isn't a
playbook for it.
That's sort of one of my broader goals is to help inspire and encourage other folks with a similar kind of background to come into this area because we need more people that
look at the intersection of humans and technology. And so that's where
I like to focus and that's where I like to encourage others to come in as well.
well. When I first really was in cybersecurity, I think the biggest challenge I had was,
I just remember getting asked almost on a weekly basis, you know, what is a social scientist doing in cybersecurity? And when you keep getting asked that time and time again, you kind of start
wondering, like, what am I doing here? You know, they weren't doing it in a malicious way. They
were like, well, that seems weird. And so you do have to kind of question what you are doing in that industry.
And I think we do struggle a bit as an industry to, you know, open the doors to more people from
different disciplines. And so, you know, justifying my existence within the industry, I think, was
something that it took me a while to overcome. And I would say I still ponder it from time to
time, but I'm always much more confident in my responses on that.
And the great thing is I actually, over the last year or two,
that question has stopped being posed.
And I think it's because we're finally at a point
where we're starting to see that there are humans behind all the technology.
And given that, you need social scientists.
So the challenge of knowing how you fit in
was something that I struggled with quite a bit.
When people think of cybersecurity, they still think of the hooded hacker.
And while that's an important part of it, that's not the only job track that you can take.
There's just so many different areas within cybersecurity.
There's just so many different areas within cybersecurity, and we have a huge gap right now as far as having the skill sets and people in the workplace openings that are out there.
So I would say get involved and read.
Hopefully that I helped open doors to both the kind of research, the integration of more of the rigorous social sciences and to think about
cybersecurity, but opening the doors also just to broader disciplines and different people coming into the industry. Being part of that transition that makes cybersecurity much more accessible
for everyone. Yeah, that'd be great if something along those lines happens. So we'll see.
And now a message from Black Cloak.
Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been
breached. Protect your executives and their families 24-7, 365 with Black Cloak. Learn more
at blackcloak.io.