The Diagram Gal

Delighted small girl breaking a zebra piñata. Analogy implied is breaking a system boundary.

About me. How did I come to Love Cybersecurity?

For a long while, I worked at the Treasury Department. My job was to help taxpayers, everyday people like you and me, manage their tax accounts. This meant I processed claims, amended returns, and fielded taxpayer questions and concerns. Think of it as “customer service for the IRS.” I helped people resolve their issues on the voluntary side of things. I know people think of the IRS negatively, but I spent my days helping people solve problems that they needed solving. I was a servant of my country and took that job seriously. I liked helping people, helping them to be knowledgeable, and helping them to pick themselves back up after a fall. This was my first experience with working in tech, but as a subject matter expert of ancient, but secure, government accounting systems.

One of the biggest projects I became involved in was identity theft. That really affected me. I hated to see how terrible being a victim of identity theft was for the American people. I hated how widespread a problem it was becoming, even with all the massive efforts to stop it. It kept being a major issue. So I decided: rather than being the person who cleans up after the fact and helps people to recover, I wanted to be the person to prevent identity theft. The ID theft didn’t start at the government systems; it started out in the IoT.

So, I went back to school, and I got my Master’s in Computer Information Systems. I snuck in a few extra graduate certificates as well, in Cybersecurity, Business Intelligence, and Business Systems. I was ready to be a “real” tech person–a tech person on the development side of things.

When I started in cybersecurity, I joined a company that had begun building its security program from the ground up a few years before I came on. It was a lot different from my Treasury experience in a well-honed, process-oriented federal system. It was a new department, working with full executive leadership support mind you, but it was a daunting endeavor. We were building processes that were fresh, not decades old like the Federal ones, and we were also facing adoption concerns. Not only did hundreds of developers have to modify their workflows, we had to adapt over a dozen pre-existing systems to the new processes. A difficult task, even with full buy-in. This company started out working to align with NIST 800-53 rev 4 (then later rev 5), which is an enormous amount of work. NIST 800-53 has over 600 pages of information that helps you design a security framework for your own business. It is flexible and we had to design it to bend around so many different systems, many the products of acquisitions, and none with the same internal infrastructure. It is a big project to take that on, but we did it! We successfully brought 6 products to GovRAMP Ready for Moderate Impact and 2 more were in the works for GovRAMP low impact and FedRAMP low impact. A huge accomplishment from an organization that started from scratch. I was proud to be a part of it.

How I got tasked with diagramming…

I like to know things–really understand them. Diagramming is the best way to familiarize yourself with systems. So I asked if I could be the one to design them in order to better understand how the systems work. It was my first “bare metal” tech job, but I brought my detail-oriented self and former life as an artist to the task.

Why I like Diagrams

Diagrams allow you to quickly identify all entry and exit points in your systems, having seen financial audits and having a background in art. Visualization of your system, with a full drawing of what goes in, what comes out, and what talks to what, is important when trying to harden your system. If you diagram a system, you know that system.

I wanted to see how things fit together. To protect it. And to make it better.