I’d love to start broad, tell us a little bit about who you are and how you came to be where you are now.
My name is Dr. Terry Stevenson and I am a cybersecurity expert. I started out as a technology geek. I built a Heathkit TV when I was seven and I was writing code by the time I was in high school. When I graduated, I went into the military. It was amazing. I got a degree in system engineering in microwave. They called it microwave but it wasn’t just microwave, it was everything. I was stationed in a place called Fort Detrick and I had an incredible boss and mentor, Mr. Tucker, who took me under his wing. I was the only female who survived that group. I got to learn everything, new and old, foundational system engineering. Not just the way things work but how to look at it and the mindset needed for it. That set off my career. I have a doctorate of law and I get involved as an expert witness with contracts from a technical and security standpoint, but I have been a consultant the majority of my career. I have a small consulting boutique. I’ve kind of been a geek all along and I just love technology. Live long and prosper.
When/where did your passion for technology start?
It started when I was a little kid. My stepfather was an electrician, he was always into something and I learned that from him. I just like to know how things work. I used to take things apart and get in trouble for it. I eventually figured out how to put things back together again. I love puzzles, and technology is really a puzzle, it’s problem solving. I keep that mindset as I approach the work I do now, I always tell people that I can figure anything out.
What kind of work are you doing now? What are the main emerging areas you see in cybersecurity?
One big thing I'm seeing is that everyone is trying to solve the age old problem of using software keys. Google came out with something recently where they’re adding quantum encryption on top of an existing encryption method where they use a software key as opposed to a hardware key, but it's still vulnerable. Google is stating that this will solve the breaching issues, but it's vulnerable because without a quantum computer on both ends, lattice-based encryption, it really can’t solve the issue. On top of it, the algorithm’s company, Kyber has stated that the strength is “Kyber-512 aims at security roughly equivalent to AES-128, Kyber-768 aims at security roughly equivalent to AES-192, and Kyber-1024 aims at security roughly equivalent to AES-256.” The strength is equivalent to current encryption, but, the only difference appears that instead of using integers, Kyber uses polynomial rings. Bottomline, still does not solve the issue, because the bad guys are still getting access to software keys. Although this technology has been touted as a new solution, it's the same thing I’ve been seeing for the past twenty years. All of these breaches have similar root causes, you’re always going to have vulnerability in the system. That means that you need to protect the ways to get into the system and that’s not necessarily a new firewall, it is keys, how do I access the system? That's the big problem.
Is there anything you wish people knew about careers in cybersecurity?
This industry changes so much and that makes it hard to give universal advice, but fundamentally, there are a couple of things I would get in college before starting a career in cybersecurity. Take C. C is a foundational language. Not all coding is the same, Python is a scripting language, Java is managed code, it’s literally putting pieces together. But coding, actual software development, is C language. The lower the level, the harder it is to crack that code, the harder it is to breach it. So if someone has a foundation of C, they can go to any other language. It's just a matter of figuring out the “grammar”. The other thing I would get is Department of Defense- type system engineering, where you look at the system as a whole and learn to break it down into all its different pieces. That’s how you solve problems quickly and understand how to help people. In cybersecurity, you have to understand the whole system. You’ve got to understand the whole enchilada, you need to know the ingredients. Otherwise, how do you stop somebody from stealing the cheese?
What needs to happen to help more women and other underrepresented groups get into tech and stay in tech?
You have to be aggressive and tenacious. I have thought about leaving this industry several times. There needs to be more women and minorities in technology and we need to fight for it. I encourage people to continuously keep learning. Keep working to increase your skill set and expand your resume. In terms of where you focus your energy, I would say that there are four skills you need to be good at. The first is tech. You have to understand the whole technology ecosystem, especially in cybersecurity. People think of cybersecurity as a niche, but it’s not. A good cybersecurity professional understands all aspects of the tech because it’s critical to understand what you’re trying to protect. Second, you have to understand money. As a leader, you’re going to need to present and justify your budget and you have to show return on investment. You have to show how your work is going to help the company. The third thing is collaboration. Teamwork is key, my most successful projects have been collaborating with different people from different backgrounds. I’ve been fortunate to work with some amazing teams. Lastly, you have to be a strong leader. You have to make the hard decisions and move forward whether or not people like it.
You’re a U.S Army Veteran, how has your experience as a Veteran informed the work you do now?
It’s everything, it’s my foundation. I was fortunate to be stationed at Fort Detrick with Mr.Tucker who is just an incredibly honorable man. He was a 40 year retired Marine Corps and he was a great mentor to me. I was the first and only woman in the group until 1998, I was even working with that group when I was pregnant with my son. There are a lot of stories out there of women having negative experiences in the military, but in my entire military experience I encountered a lot of good people and a lot of good officers. I was blessed to be at a location where I was mentored and was able to develop my foundational skill set with system engineering.
What advice do you have for others who want to make it to technology leadership like yourself?
Keep educating. Keep going after things, even if you’re not quite sure that you’re ready for them yet. I was working on a project once and someone tried to tell me I wasn’t qualified because I didn’t have my CISSP certification, even though I’d been doing this for years. As soon as the project was over, I went and got my CISSP. Learning in this space is a constant process. I educate myself every day. I would also say, just apply for the job. Network, make friends, keep your LinkedIn active and updated. A lot happens just by keeping it up and keeping it touch.
Who helped you rise to this role and how do you pay it forward?
There have been a lot of people. I had a boss early in my career who handed me a project and said, “figure it out”. It was an architecture, design, engineering, and implementation project. I said “I’ve never done this before” and he said “I'm seeing if you’re as smart as I think you are.” I did it. Sometimes you just have to get in there and take a chance. I have been blessed in my career to have had mentors who have taken a chance on me. I would tell others, those people are out there. Right now it’s just a matter of getting around these ATS systems to get them, but keep trying. Tenacity is what you have to have in technology to survive. Right now, I have three young people I'm mentoring. I don’t care what people's background is, when I find someone has the critical thinking skills needed to be successful in this space, I will support them. I’m handpicking a few of their college classes right now. We’re laying the foundation of a successful career. To get there you just have to keep trying.
How do you hire? What do you look for in people?
Critical thinking is key for technology and cybersecurity especially. A lot of people are good at memorizing but don’t know how to really solve problems. I look for people who are willing to adapt, meaning not be so locked in their comfort zone that they won’t do something new. I also look for people who are kind and can work well with others. Things can be stressful, sometimes we’re dealing with a nightmare deliverable, but we joke about it and we still move forward. I don't care if you have a degree. I just want to know if you can learn.