One of the best things about being the managing editor of Government Technology Insider is talking with our sponsors’ subject matter experts. They’re exceptionally smart people who know their field inside and out and bring with them experiences that add perspective to help find solutions for their customers.
We recently met Lauren Burnell, who leads Federal Programs & Cloud Alliances at FireEye to talk about how public sector organizations can address one of their biggest cybersecurity gaps – securing data in the cloud. But in talking with Lauren it was clear that her story – from the United States Naval Academy to her years as a Navy Cryptologic Warfare Officer – is not only interesting but lends so much to her understanding of the cyber risks facing government agencies as they endeavor to secure the next warfighting domain.
Here’s Burnell’s story about her career in the field of cybersecurity from the Navy to the private sector and how she works to support the critical mission of keeping the nation’s information and infrastructure secure.
Jenna Sindle (JS): As we all know, there aren’t many women in cybersecurity, how did you get your start in the field?
Lauren Burnell (LB): You’re so right – there aren’t enough women in cybersecurity and that’s something we must change! There are many phenomenal STEM mentorship programs out there, and with the workforce gap in cybersecurity only continuing to increase, we need to encourage everyone in the next generation to consider this vital and dynamic field.
I got my start in the field at the United States Naval Academy, where I received great exposure to technical fields like electrical engineering and ended up focusing on data analytics. Those quantitative skills provided a solid foundation for my time in the Navy’s Information Warfare Community. After completing graduate school, I served for five years as a Navy Cryptologic Warfare Officer supporting cyber, signals intelligence, and electronic warfare missions. I found my passion for cybersecurity during my time on active duty; I love that it is such a mission-oriented, team focused field where we get to daily protect such a critical domain.
JS: What did you learn from your military service and public service about the cybersecurity threats that face the nation and the ways they can be mitigated?
LB: I was lucky enough to serve in both National and Navy roles during my time on active duty with incredible teams. I learned firsthand that that cyberspace is a true warfighting domain that brings its own unique challenges. Earlier this year the U.S. Department of Defense acknowledged that it fights 36 million email attacks every day, including many phishing attacks. Phishing doesn’t only target cyber warriors in organizations but affects everyone who touches the network during their daily tasks which greatly increases the attack surface. As a result, broad training and awareness across the organization is extremely important and it requires executive buy-in. Another key takeaway from my time in military service is the importance of information sharing – across departments, across agencies, and from industry.
JS: How did these experiences help shape your perspective when you transitioned to the private sector.
LB: My time on active duty has absolutely shaped my perspective – I feel privileged every day that at FireEye I still get to support those who continue to serve, not only in the military but across all levels of government. When I transitioned from the military, I was awed with the level of innovation private sector can bring to the table. It’s clear that we need to do more to get the right capabilities into government missions faster. We need expand our partnership across the government-industry aisle as we tackle challenges like cloud security and securing the supply chain. By doing this, we will be stronger together against the asymmetric threat we’re facing in cyberspace.
JS: What advice would you give to public sector cyber teams trying to protect their agency and mission from the constant barrage of attacks?
LB: We must become more proactive in cybersecurity. To do this, we have to understand the adversary. Tactical intelligence is critical, but our threat intelligence must go beyond indicators of compromise (IOCs) to ensure we have a true understanding of attackers’ emerging tactics, techniques, and procedures (TTPs). In the information domain, too often we forget that we’re still fighting people, not merely the tools they leverage. Understanding the current threat allows us to build out the right capabilities to defend the mission, and an intelligence-driven security team will be able to better prioritize and act. That’s a key point – it isn’t enough to have intelligence, it has to lead to better decision making. With many public sector cyber teams facing the reality of a shortage in skilled cybersecurity workers, we need to operationalize this process with automation.
JS: Can you share one more vital piece of information that government security leaders should know?
LB: As I shared on FireEye’s recent Cloud Security Strategy webinar, Mandiant reported in M-Trends 2018 that based on their incident response engagements in the Americas region, attackers were on victim networks for a median of 75.5 days before being detected. This is far too long. We need to free up security teams from everyday ticketing tasks, so they can focus on cyber threat hunting. We should expect the adversary to continue to perform long-term cyber operations including those below the level of armed conflict. Our teams need to be empowered with the right intelligence, technology, and training to proactively hunt and protect the mission across the public sector.
Want to hear more of Lauren’s insights on defending the nation in cyberspace? You can do that here.