Women to watch, Threat Management, Critical Infrastructure Security

Mitre’s Amy Robertson: Defending against cyberthreats, foreign and domestic

Amy Robertson’s mission to study, dissect and defend against key cyberthreats knows no borders, whether she’s building a repository of tools to help defend U.S. election infrastructure or collaborating with foreign allies to help boost their security posture.

A senior cyber security engineer at Mitre Corporation since 2018 — and now also its cyber operations lead — Robertson helped U.S. state and local officials ensure election integrity and defend against misinformation in the summer and fall of 2020 by playing a key role in the curation of tools, data and content for an online repository of election security resources.

Robertson served as manager of the election resource website, continually updating an array of offerings, including links to assessment services, intel reports, tips and more related to four critical areas: cybersecurity, data sanitation/hygiene, misinformation and process/procedure.

“We leveraged key resources from across government, academic and non-profit organizations committed to election security and integrity…to enable election officials across the nation to quickly survey a landscape of offerings, assess their capability gaps, and rapidly address their prioritized challenges to enhance election integrity and security,” said Robertson.

Click here for full coverage of the 2021 SC Media Women in IT Security

Robertson has also conducted threat intelligence research on electoral infrastructure, as well as well as on threats to non-traditional systems and multi-platform environments. For instance, said Robertson, “I developed an approach to provide visualizations of multi-platform complex attacks to enhance understanding of adversary tactics, techniques and procedures across platforms (IT, intermediary, OT) and supported an effort to build comprehensive mappings of sub-system connections paired with potential adversary attack paths to inform risk assessments.”

On the international front, Robertson has been collaborating with international partners through Mitre's Cyber Capacity-Building program, which, in Robertson’s words, “advises and facilitates Department of State efforts to provide resources for countries to identify, prioritize, and implement cyber capabilities that support their national missions and goals​.” She also previously performed similar work through support of the Department of Homeland Security.

According to her nomination, Robertson has provided guidance to foreign states in regards to “establishing cybersecurity standards, countering cybercrime, promoting a free and open internet, improving governance, and creating mechanisms for greater security and defense cooperation among like-minded partners.”

“Given the borderless, global nature of cyberspace, expanding cybersecurity capacity is not only in the interest of individual countries,” but to the entire global, said Robertson. After all, “vulnerabilities in one country can quickly impact others, and fostering resilient systems is crucial to national security” everywhere.

Robertson told SC Media that her international work has included conducting regional and nationwide cyber assessments, facilitating information and intelligence sharing, conducting incident responses exercises and developing phased cyber maturity approaches “to enhance eventual whole-of-government cyber posture.”

More specifically, her efforts toward intel sharing have included “examining some of the barriers and impediments to sharing, and assessing approaches for CTI development and maturity.” This is important because intel-sharing partnerships “are crucial to our ability as a country to respond quickly and effectively when cyber events occur,” she said.

As an official MAD (Mitre ATT&CK Defender) professor, Robertson developed the first round of content for the educational online training and certification service. This included crafting and narrating bite-sized briefings for the ATT&CK Cyber Threat Intelligence course, which was viewed by more than 10,000 cyber professions within the first three months of their publishing.

“Our goal for this training is that users will be able to leave with the ability to either operationalize ATT&CK for their specific CTI use cases, or if they’re already leveraging ATT&CK for threat intelligence, enhance their current efforts or program and further integrate ATT&CK it into their operations,” said Robertson.

Among other notable achievements, Robertson also “developed a cross-technology attack kill chain diagram of the Triton [ICS] attack” and “advised on a methodology to assess systems-of-systems using the ATT&CK Framework,” the nomination states.

The nomination also notes that Robertson participates in Mitre’s Women Lead program, and acts as a mentor and adviser to other women within the organization.

“I’ve made an effort over my career in cyber to support other women by campaigning on their behalf, offering support when needed, or [acting] as a career adviser,” said Robertson. “Our unique perspectives as women can lead to the best solutions — especially when we push boundaries. At Mitre, I’ve contributed to recruiting efforts and recently completed a program focused on providing women with the tools they need to grow as leaders, to navigate challenges throughout their careers, and to elevate other women.”

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.