Tyler Cohen Wood, cyber branch chief, U.S. Defense Intelligence Agency, Washington, D.C., USA
The fight for national security is being waged in cyberspace. A new generation of assailants is wielding malware—and their weapons keep getting more effective. Tyler Cohen Wood says the rapid evolution of cyberthreats has made it increasingly difficult to stay ahead of the curve. “Every bit of code written by every team that I have worked with or managed throughout my career has to be done with an eye not just toward efficiency of use, but toward potential vulnerabilities,” she says.
What's the first step to preventing cyberattacks?
Predicting threats before they happen. It's much easier for an attacker to find one way in than it is for us to predict and secure all the access points.
We as a society are so reliant on our electronic devices, and each one represents a potential entry point for a hacker. The most important thing for me as a manager is to understand all the tools at play on any project so that my team and I can understand what sort of “cybertrail” is being left behind when those tools are used.
How do you ensure your team is always ready to defuse a threat?
I'm much more of a big-picture person than a micromanager. Micromanagement leads to lower productivity and a lack of buy-in by team members. Instead, I try to get team members to take the lead on various parts of the project. I can outline all of the areas we need to make sure are addressed in a given project, and ask various team members to take the lead on those areas. By asking them to be accountable, I can ensure that each team member takes ownership of his or her part and drills down to the bedrock of really knowing that piece and making sure it is as good as it can be. Then I work to combine all of the pieces into a final whole.
We've all had micromanagers, and people are left feeling like they don't have a say in the outcome of what they're doing. You want people who work for you to love what they're doing, and the way to get there is to give them space to figure out how to get from point A to point B.
“Good communication among team members is important to any project, but in my work it can literally be a matter of national security. Team members can't be cowboys. They have to keep others in the loop on what they're doing.”
What skills do you look for in project team members?
I'd much rather have a team player with technical skills on my team than someone with a slew of PhD degrees who can't get along with others or take direction. Some tech people have a tendency to want to work completely alone and stay focused deeply in their part of the project. That is great, but they also have to let others point out things they may not see. Everybody has blind spots. We need people who can work collaboratively and can set aside their egos when someone else sees something they might have missed.
I also need people who understand that while computer code can, indeed, be “art” when written eloquently, the key for us is practicality, not aesthetic beauty. Security comes first, even if that produces something a bit more cumbersome to use. The best talent can find a good balance between usability and security.
You've worked on cybersecurity projects in both the public and private sectors. Do you have any advice for managing client expectations in both?
Whether the client is a large corporation or a government agency, you can't waste time trying to explain your way to a full agreement. Find a point of compromise and move on. Also, as a manager, I understand tech and how to explain it to clients, since many engineers are not really able to make non-tech people understand what they do.
How do you deal with project setbacks?
I don't look at setbacks during project implementation as failures. Instead, I use the lessons learned to adapt and make the project better in the end. The good thing about [security bug] Heartbleed, for instance, is that it made people more aware of their own vulnerabilities. Having decision-makers get a sense of just how vulnerable they can be helps when we need to explain and get buy-in on more layers of security in their systems. PM
Best professional advice you've received?
Develop an elevator speech.
How did you get started in tech?
I worked in radio in college, and I learned to fix electronics, because there was nobody else to do it when I was in the studio at all hours.
What's your dream vacation?
Traveling around the small towns of Western Europe and stopping at bistros, enjoying a coffee and a cheese plate, watching the world go by.