CyberWire Daily - Kiersten Todt: Problem solving and building solutions. [Career Notes]
Episode Date: August 23, 2020Managing director of the Cyber Readiness Institute Kiersten Todt shares how she came to be in the cybersecurity industry helping to provide free tools and resources for small businesses through a nonp...rofit. She describes how her work on the Hill prior to and just after 9/11 changed. Kiersten talks about the diversity of skills that benefit work in cybersecurity and offers her advice on going after what you want to do. Our thanks to Kiersten for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Thank you. Learn more at zscaler.com slash security.
Hi, my name is Kirsten Todd, and I'm the Managing Director of the Cyber Readiness Institute.
One of the things that was both exhilarating and created some awareness for me was the power of people to make change at the state level.
And, you know, when I came to work in the federal government, I think what always struck me as well, particularly when I was working on the Hill, was that, again, it was the choices and the decisions of individuals that have impact.
I went up to the Hill to work for Senator Lieberman as his economic policy advisor at the time. And the Governmental Affairs Committee, you know,
at the time was truthfully one of the more boring committees. It did post office namings,
some appointments of positions that you're not really familiar with. And it was this very
interesting point of gut where, you know, on paper, it didn't look interesting to me. And I'd
actually just been offered a job in the private sector on urban development, which I love. But
something in my gut said to take it. And my first assignment for him was to do a hearing on critical
infrastructure protection that was scheduled for September 12, 2001. So 9-11 happened on that Tuesday. And we got on the phone, Senator Lieberman, his staff
director, and a couple of us who were working on the hearing. And he said, I want to go through
with it. And so we were the only hearing on the Hill on September 12th. And it was a very different hearing because we were supposed to have witnesses flying in
and we just had two witnesses who could get to the Capitol.
And in that hearing, Senator Lieberman turned to two of us and said,
we need to look at having a Department of Homeland Security,
which does not sound as foreign now as it certainly did then.
No one was even using the word homeland long before the TV series,
long before anybody was looking at it.
And so I ended up working on the legislation to create DHS
from September of 01 to November of 02,
right up until President Bush came out with a counter
to the DHS proposal in June of 02.
And then I began working with them and collaborating on that legislation
and worked on that legislation and worked
on drafting the Cybersecurity Infrastructure Protection, Bioterror, and R&D Directorates for DHS.
So working on that legislation, I became involved in cybersecurity and risk management
and emergency preparedness. And I moved out to California and worked with the governor's office on that and then began getting more involved in cybersecurity as the intersection with physical
security. So as I was looking at risk management and emergency management and homeland security
from a physical side, that quickly merged in over a couple of years with the inextricable
link between cybersecurity and physical security. From there, I started my own company looking at cyber and risk management
and was brought in to work on the NIST cybersecurity framework.
And then in 2016, was asked by President Obama
to run his commission on enhancing national cybersecurity.
And following that work, several of the commissioners and myself
launched a nonprofit called the Cyber Readiness Institute,
the mission of which is to convene senior leaders of global companies to provide free tools and resources for small
businesses. And so that is what is currently taking up my day-to-day is being able to provide
tools to small businesses in cybersecurity, recognizing that there are components and
critical components of global value chains, and we have to do more to help them.
components of global value chains, and we have to do more to help them.
I think what's important to remember about cybersecurity and policy and where these issues are is that the two critical elements to them are, it's about problem solving and building
solutions. And what that means is that's a pretty interdisciplinary field. And so what I would
encourage individuals who are interested in this space to look at for themselves is recognize that there are a lot of skill sets and capabilities that are relevant to cybersecurity.
And historically, we haven't done a great job of attracting the diversity of skill set.
We tend to think it's about, you know, science and technology and engineering, but sociology, psychology, history, politics,
all of these aptitudes are really critical to cybersecurity. And so being honest with yourself
about what your aptitudes are, and then being able to feature them and position them as opportunities
for building out innovation in this space. I would always encourage everybody to, any individual,
to go after what you really want to do.
Don't waste time going after what you think you can get
because you're worried about rejection or not being able to achieve it.
I think what I have learned, I'm a big fan of cold calling.
I'm not sure that it still is an effective tool,
but I've gotten some of the most interesting jobs by picking up the phone and cold calling.
As long as you can handle the word no, it's always worth going after what you want,
because I think that in and of itself creates enthusiasm and interest and energy in yourself
to figure out what makes sense. And I think sometimes as humans, we tend to self-select ourselves out of opportunities.
But I would encourage everyone to,
any person to really go after
what they're most interested in,
or at a minimum, talk to the people
who have the roles that you aspire to have or to achieve. Thank you. thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data, and ensuring your organization
runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep
your company safe and compliant.