Cybersecurity: Alumni Tackle Digital Dilemmas
Humanities and Social Sciences Grads Bring Unique Perspectives to High-Tech Problems
You’ve likely seen the ominous messages before:
“This message seems dangerous.“
“PASSWORD BREACH! Your personal data is not safe.“
Warnings like these remind us that our devices are vulnerable. So are the networks, programs and information they house.
Evolving technologies and threats make protecting these things difficult; however, people are trying. A growing body of cybersecurity professionals works to identify and address susceptibilities — and combat attacks from hackers, nation states or any number of other actors.
Among the specialists forging solutions to these high-tech problems are humanities and social sciences grads. In this article, meet four of our alumni who use their critical thinking, communication and reasoning skills to make a difference on the front lines.
Coleman Mehta ’05
Coleman Mehta is the senior director for U.S. policy at Palo Alto Networks in Washington.
An alumnus of the M.A. in History program, Mehta formerly served as director for legislative affairs on the National Security Council staff at the White House. He’s also held various roles in the U.S. Department of Homeland Security.
What do you do for a living?
I lead Palo Alto Networks’ policy engagement with the U.S. government, both the executive branch and Congress. “Policy engagement” means that we collaborate with government officials as they consider laws or policies to improve digital security.
I draw on my experiences having served in government for more than a decade, and now in industry, to offer advice or perspective on activities the government may undertake, on issues like technology modernization, data privacy, securing 5G technologies, making use of artificial intelligence and machine learning, and more.
Cybersecurity is unique in that governments and industry partners must work together to secure networks spanning the most vital parts of our economy – power plants, health care facilities, defense infrastructure – so it is important that we collaborate to get the foundational policies right.
What are some of the major challenges you face?
Cybersecurity policy is a relatively new field, and even today fundamental questions are still being debated. For instance, only in the last decade has the U.S. government grappled with the challenge of identifying which agencies will protect which government networks, what role the government should have in protecting critical private sector activities, and even how the government should organize itself to effectively respond to cyber attacks.
Other major questions continue to be debated, such as whether law enforcement should be able to compel access to encrypted data on mobile phones and under what circumstances, which has implications for the push-pull between privacy and security. Helping to make progress with these foundational policy questions is an exciting part of being in this field.
How did your time at NC State contribute to what you do now?
NC State played a critical role in my career. The history program taught me the value of rigorous, fact-based reviews. But history is not entirely dispassionate, and it’s equally vital to understand the importance of nuanced, subjective actions in making judgments about historical events and identifying lessons for the future.
This experience served me well when I entered public service and especially when I delved in cybersecurity policy. Significant policy questions rarely have a simple solution, and the history program provided an excellent foundation for tackling thorny topics regardless of the subject matter.
I am extraordinarily grateful to the NC State faculty and my program colleagues as well. In particular, Nancy Mitchell was an amazing mentor who helped me navigate the discipline of history and how it might be applied in a public service career, and I remain very grateful to her and to NC State for its formative role in my education.
What unique perspectives can our grads bring to fields like cybersecurity?
Technology policy is about more than just the ones and zeros of a line of code. In fact, any areas of humanities or social sciences that interest you could be brought to bear in cybersecurity.
I have been lucky to make a rewarding career out of the intersection of technology and public policy, especially as it relates to Congress and how new laws or executive branch authorities make our digital world more secure. But there are many similar avenues to take. For instance, if you are interested in international studies, cybersecurity is a key element of U.S. diplomatic relations with Russia, China, and even the European Union (EU).
Ultimately, technology and STEM can’t stand alone; the humanities offer practical applications of technologies that can help improve lives or, as in the case of cybersecurity, keep our world more secure.
Glenn Moraven ’09
Glenn Moraven serves as director of program management and strategy at Google, where he focuses on all corporate platforms, gLinux, WinOps, and MacOS. Based in New York, Moraven has previously held leadership roles in data protection, cybersecurity, and product and technology strategy for multiple corporations and startups.
Moraven earned his bachelor’s degree in communication from NC State, where he also played wide receiver on the football team.
How can humanities and social sciences grads help solve high-tech problems?
The communication and the culture within technology has made a shift in the past several years. You don’t have to be a Java or Python programmer. You need to be able to understand technological capabilities and assess situations to determine what’s needed.
And a lot of times, those solutions are created through working sessions and working groups led by someone like myself who’s a good communicator. You need people who can reach across the table to technology developers, project managers and other team members. The College of Humanities and Social Sciences really helped prepare me for that in a great way.
What do you enjoy about your work?
Every time we do our status reports, look at attack attempts, and see zero breaches, that to me is a winning box score. It shows you’ve done your job. You can tie that back to dollars, as far as what you’ve saved by not losing data — and I think being able to live up to that standard consistently keeps you on your toes and keeps you communicating with your team.
That’s all you can ask for in terms of a great work culture, right? A good team that works together doing the right things.
What are some of the major challenges you face?
Right now, it’s the safe storage and encryption of personal data. Hackers are finding new ways to do things, and if it’s not client data, they’re looking for patents or designs.
I think as people become more aware and more breaches and vulnerabilities are exposed, this area will continue to grow. I encourage everyone to at least look into their data security and understand it. And if you think you may have some gaps and may be vulnerable, work to get that resolved.
What do you value about your time at NC State?
NC State provided me with a tremendous foundation, something I could build on.
And I would encourage students to consider a communication degree or at least communication courses. I don’t know many freshmen who are good communicators, but I think it really translates to so much.
Some of the best salespeople I’ve worked with majored in communication. Some of the best executives have a similar background.
Alexander Ondrick ’10
Criminology alumnus Alexander Ondrick is a manager of threat intelligence and cyber investigations at Marriott International.
Ondrick began his career by serving four years as an armor officer on active duty in the U.S. Army. Ondrick was a platoon leader and executive officer for a U.S. Army (Airborne) cavalry troop. Since his discharge in 2014, he has held multiple cybersecurity roles in both government and the private sector.
In a nutshell, what do you do?
I work on a team that identifies threats, profiles threat actors and analyzes their impact on the business. So essentially, I’m taking a lot of raw intelligence and working to figure out, “OK, what does this mean to my business? What does this mean to the retail and hospitality industry? And what can I do to detect or help mitigate and defend against these types of cyber threats?”
To vastly oversimplify a few cybersecurity principles, we want to ensure the confidentiality, integrity, and availability of all information systems — from the endpoint (computer), to the network (group of computers) and all systems, processes and networks in-between.
What draws you to this work?
Working, brainstorming, and collaborating as part of a team. Working as part of a team showed me how much more can be accomplished when we all work with a common goal. And I mean really working as part of the team, as in, “The team is more important than me. It’s not about me, it’s about the guy or girl in front of me, or to my left, to my right…”
And working in cybersecurity, it’s such a vast field that you need to be OK with not knowing everything — that’s where your team comes into play.
One of the most unexpected takeaways from the military was a deeper respect for my colleagues and a newfound desire to build and improve the teams that do the work: I carry this attitude with me and have found an amazing team at Marriott’s Global Information Security Group.
What makes this work difficult?
Right now, the United States is facing challenging sociopolitical and cyber threat landscapes. Private industry and public industry together face such an unprecedented, unparalleled threat at all levels, from “script kiddies,” to government-sponsored offensives; from ‘dumb’ brute-force attacks, to complex, supply-chain attacks. And last but not least, nation-states that sponsor all of the above.
Such advanced persistent threats (APTs) are tough to secure against. Some days, it feels like you’re up against the world, but thankfully if you have a good group, a good team with you, and you’re open to being wrong, and you’re open to learning, and open to making mistakes, then you’re up for the challenge. And if there’s one thing the Army taught me, it’s that it takes a team to accomplish a mission, not an individual.
How can humanities and social sciences grads help solve high-tech problems?
By bringing a new perspective to a STEM environment. I feel like that’s what I’ve brought to different organizations, and that’s what future students could also bring.
The humanities and social sciences student is equipped to explain why they believe something. They are skilled interpersonal communicators and problem solvers — and have stronger critical thinking skills. Those are all important in solving these amorphous, nebulous kinds of problems.
Laura Wilkinson ’12
Laura Wilkinson is a senior consultant at Deloitte & Touche LLP, based in Washington.
An NC State alumna in international studies and criminology, Wilkinson works in Deloitte’s Risk and Financial Advisory, Government and Public Services Cyber Risk practice.
What are some of your primary responsibilities?
My job is to bring specialized, technical knowledge about cybersecurity concepts to government clients to help them design, implement or operate their own cybersecurity efforts.
I have worked with multiple federal government clients on a variety of cyber-related issues, like strategy and implementation; cyber engineering; identity, credential and access management; data and privacy work; and cyber threat detection and response activities.
What is exciting or rewarding about your work?
One of the great things about consulting is you can do a little bit of everything, or a lot of one thing. And there are so many exciting types of work within the cybersecurity field. I wouldn’t say cyber is a “new” field anymore, but it is constantly evolving and there are always new exciting innovations in the field that will shape the future.
Every day I get to help make an impact that matters — not just to my clients, but to the government as a whole, and to the wider cybersecurity community. It has been truly amazing to see things I have worked on affect actual change across the United States and the world. The work is rewarding because it makes a difference in the lives of everyday citizens.
How did you get interested in your field?
My interest in cyber actually started at NC State. As an international studies major, I wrote my junior thesis on Stuxnet, a game-changing cyber offensive weapon that is still relevant today.
While at graduate school at George Washington University, I was able to explore cyber and cybersecurity more deeply through my graduate coursework and through an internship with the Intelligence and National Security Alliance.
How did your experience at NC State contribute to your current work?
During my time at NC State, I learned how to write well, how to speak to small and large audiences, how to become an expert in a subject very quickly and how to think critically. It’s these “soft skills” that have been more important in my career than what others call “hard skills.”
It does seem odd that I went to a university widely known for its engineering program, got two degrees in the humanities and social sciences, and ended up in a career field dominated by engineering grads. However, I’m highly regarded at my job because I’m able to bridge the gap between the technical folks and the non-technical ones.
Cyber can be very technical and very complicated to understand if you do not have a technical background. But with the skills I picked up at NC State, I am in a unique position to both understand what the technical cyber experts are saying and translate it into a way non-technical leadership/administrators can understand and act upon.