Power players, Leadership, Critical Infrastructure Security

CISA’s Jen Easterly: Building trust to affect collaboration with industry

Jen Easterly speaks during her June 10, 2021, Senate confirmation hearing to head Homeland Security’s Cybersecurity and Infrastructure Security Agency in Washington. (Kevin Dietsch/Getty Images)

When Jen Easterly was nominated to head the Cybersecurity and Infrastructure Security Agency, she was met with glowing reviews. 

“One of the most talented security professionals that I know,” Jonathan Reiber, director of cybersecurity strategy and policy at AttackIQ, and former chief strategy officer in cybersecurity at the Office of the Secretary of Defense, told us in January. “Her strength is in her competency.” 

Chris Krebs, the first and only other confirmed director in CISA’s short history, likened her nomination to a “Series C to D” financing move, the kind of hire a company makes when it has established its basic success and wants to blossom into the future. 

This has not been an easy time to lead the government’s hub for cybersecurity preparedness. The agency’s optics were severely damaged in 2020 when Donald Trump fired Krebs, an immensely popular figure credited with much of the success of the agency, for not backing efforts to claim election fraud cost the former president the election. Easterly inherited CISA in the midst of an unprecedented wave of high-profile cyberattacks dating back to last year — Solarwinds, Microsoft Exchange Server, Colonial Pipeline, Kaseya, JBS. 

Easterly called this "a unique moment" to be at the agency in comments to SC Media, one where she can build upon what Krebs already started.

"My goal is to shift the paradigm from plain-old public-private partnership to true operational collaboration; from information-sharing to information-enabling," she said. "This is in part the focus of the new Joint Cyber Defense Collaborative (JCDC) — bringing the power of the federal government with the power of industry to prevent incidents before they occur, and ensure a rapid and coordinated response when they do. This is the type of collaboration that will be a priority for Team CISA."

Click here for full coverage of the 2021 SC Media Women in IT Security

Indeed, at a Black Hat keynote in August, Easterly made clear two key components to her plan to maintain the feeling of continuity, expand partnerships with the community and push forward in the face of the increased cadence of attacks. 

The talk, delivered in a "Free Britney" T-Shirt and dragon-embroidered jeans, emphasized her background beginning with her childhood love of Rubik’s Cubes and continuing through her military, private sector, intelligence and government careers — including helping set up U.S. Cyber Command. The goal was subtle but clear: she was trying to maintain relationships with the industry that were not just institutional under Krebs, but trust on a fundamental, personal level. 

"The foundation for any ability to affect collaboration is building that trust," she said, answering a question from Black Hat founder Jeff Moss at the end of her talk. "And frankly, Jeff, that's why I took a little bit of time in the front end so that people understand more about me because I think it's hard to judge somebody that you don't know." 

The Back Hat talk also emphasized a focal point of expanding the national capacity for cyberdefense via new relationships between CISA and the security community and ramped up hiring within the agency. 

"Throughout a career in cybersecurity and counterterrorism, I always get the same question: 'Jen, what keeps you up at night?' But I prefer to reframe that question," she said. "It's not what keeps me up at night, it's what wakes me up in the morning — and that is the opportunity to work in a fantastic agency with incredibly talented teammates on one of the most important missions to our national security, and the opportunity to solve some of our most complicated, important puzzles."

Expanding the talent pool is a critical component of success, said Easterly, who emphasized a need "to treat this as a national effort to build and educate the increasingly digital workforce." CISA is on the verge of implementing a new Cyber Talent Management System that will give the organization greater flexibility in hiring cyber defenders, Easterly said. That's a priority shared by Secretary of Homeland Security Alejandro Mayorkas at Black Hat: workforce initiatives and diversity efforts that include gender, ethnicity, education, sexual orientation, and neurodiversity.

"All of that translates into diversity of thought and enables better problem-solving," Easterly said.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.