Keenan Skelly is vice president of global partnerships and security evangelist for Circadence.
In this exclusive interview, Skelly shares her insights on the state of cybersecurity, the importance of establishing global norms, and the abundance of opportunities in the field.
TechNewsWorld: Could you describe the trajectory of your career? How has it evolved over time?
Keenan Skelly: I started out in the Army as an explosive ordnance disposal technician, and I had an interesting career. I was last stationed at Andrews Air Force Base, where we focused on chemical and nuclear weapons. It wasn’t very cyber-related.
While I was doing that job, I happened to be at the White House on 9/11, and in that capacity, I got to see the national response plan acted out. It brought me back to my past before the military, working for the Red Cross and responding to large-scale crisis incidents.
I was interested in transitioning the skills I got from the military, so I went to work for the infrastructure protection division of the Department of Homeland Security, where I ran vulnerability assessments across the country — nuclear, chemical, water — looking at these from a personnel and a physical security standpoint, as well as an information security standpoint.
We saw then that information security was the single point of failure across all these sectors. Despite that, we weren’t really providing a lot of assets for the critical infrastructure community.
Here we are, 15 years later, and a lot of the same issues are still being played out, but on a larger scale. That pushed me in the direction of learning more about information and cybersecurity.
I went back to school and got a bachelor’s degree in information technology and came back to the field to promote some of these things at the critical infrastructure level. Since then, I’ve been working with smaller companies on ideas about how to address the cybersecurity issue.
Why do you have a passion for cybersecurity?
Skelly: One part is that it’s only a few times in the history of the U.S. and in specific domains do you have the opportunity to make decisions and have a lasting effect on that domain. If you talk about the nuclear domain and chemical domain, the opportunity to impact those domains does not happen regularly.
In terms of information cybersecurity, we’re right in the middle of it right now. We’re just figuring out what global norms should be. The things that we put in place — whether they’re policies or advanced technologies, are going to shape this domain for many years to come. That’s really exciting to me, being able to be part of that change and influence this domain.
The other part is that it impacts every bit of our lives, more and more every day. Just in the last 10 years, my personal reliance on technology and the Web has grown exponentially, and our reliance on cyber is a double-edged sword.
We’re able to communicate much more efficiently with people all over the world, but we’re more vulnerable to attacks. We need to figure out what the best way is to move forward and what things we need to scale back on.
In what ways is working in the business world different from military and government work?
Skelly: I enjoyed working for the government and military for the sense of purpose and because I was able to make changes that were seen across the environment.
As I’ve gotten older, I’ve realized that rapid change and innovation typically come from smaller, more agile organizations. I’ve embraced that, and I enjoy working with smaller companies that have new ways of thinking about complex ideas like artificial intelligence and machine learning. That really inspires me.
In terms of predictability, when you’re working for the government or military, there’s a cadence to processes, and that’s part of why it doesn’t lend itself to being agile. That’s what I like about the business world — the ability to innovate new ideas and technologies and get them out to people more quickly.
What are some of the most challenging things facing us in the world of security?
Skelly: One of the big challenges we have in cybersecurity is norms in cyberspace. People like to refer to cyber as the wild wild west. There are all these things going on, and people are testing the water. But this is not the first domain where that’s happened. We saw similar things with nuclear weapons and chemical weapons, and now we’re seeing that in cybersecurity.
As a community, we need to draw that line in the sand about what’s appropriate in cyberspace and what’s not appropriate. We need to determine what that line is. Cyberspace can be weaponized.
I often use the IED threat that we faced in the Middle East as a similar construct. The threat was changing so rapidly that it was difficult to get the message out to the troops about how to stay safe. We had to change our way of thinking about the problem, and that’s kind of where we’re at with cyber.
Today, the biggest problem that people are working on is phishing or ransomware, but there will be new threats. We have to change our paradigm about how we think about the cybersecurity problem.
You do volunteer work for Team Rubicon and Red Cross Disaster Services. Why do you see this volunteer work as important?
Skelly: Team Rubicon is for wounded warriors who have specific skills in crisis management, and when something happens in the country — a flood or hurricane or train wreck — you can be picked to respond to it. It depends on your individual skills.
When I was younger, I started volunteering for the Red Cross Disaster Services in my hometown. Within a couple of months of doing that, I was a part of two separate train crashes, and those really influenced the person I am today. They taught me how to react and how we can, as a society, better respond to these incidents. It’s helped me to be a more responsible human being, both in life-and-death situations and in business situations.
What advice would you give to girls and women who are interested in getting into the security field?
Skelly: One of the big things I stress is that security is not just about the person sitting behind a laptop with a hoodie. That’s a very dated version. Because cyber is so pervasive, you can have a job in cybersecurity in just about any job. There is no one-size-fits-all for your aspirations in cybersecurity.
You may have hundreds of different options. I do recommend that you be hungry for knowledge. There are so many tools and techniques and ever-changing threats, and you have to be interested in all of it. If you are, you’re going to be way ahead of the game.