Pamela Schwamb doesn’t intend to be pigeonholed into only doing work involving the Department of Defense.
“It was funny, because when I left my old job, I said, ‘I will never work in the DoD again,’” said the senior manager and scyops engineer for Conquest Cyber, where she recently headed another Pentagon project.
Her previous project had her tackling a DoD overhaul of a a healthcare system that was simple enough for an 18-year-old to operate on a laptop in the field, either in the back of a Humvee or in a medical tent.
[Please visit SC Media's 2023 Women in IT Security and read about more women Power Players, Advocates, Cybersecurity Veterans and Women to Watch.]
“When we were told we couldn’t do it,” said Schwamb. “That was a really fun challenge.”
She and her team took an application that’s meant to run in a data center and condensed it onto a laptop that met all of the DoD’s security requirements. It was Schwamb’s first foray into cybersecurity after working as a database consultant primarily focusing on disaster recovery.
“It [the DoD healthcare project] kind of spanned the entire range of problems that we face in this environment,” she said. “It talked about things like data controls and access and auditing and authentication.”
It became obvious that her team had a good understanding of how security was supposed to work, so they were steadily pulled into the bigger projects and began getting loaned out to other teams to help work through security issues.
While there’s more leeway in the commercial space, Schwamb said there is a specific skill set needed to meet the DoD’s intention.
“I think I’ve been very successful at taking what I’ve learned in that context and being able to extrapolate that back into … a full-fledged program.”
She led Conquest's team on an authorization package so an application could run in a government organization’s environment, which involves massive amounts of data, manual labor and paperwork.
Schwamb is recognized as one of SC Media’s 2023 Women in IT Security cyber veterans. Working in a field that is roughly a quarter female, she said it often becomes apparent that she’s just another person who belongs in a room full of suits when she begins discussing cybersecurity incidents, regardless of gender.
“I have been really lucky to find that that has always been true,” she said, but added there are times when having other voices in the room can help when it comes to security, such as security teams putting themselves into the mindset of attackers.
“How do I think like the people that are trying to get into my systems if all I do is hire one type of person who has had the same upbringing with the same college education and the same internship experiences [as everyone else]?” she asked. “And so they don't have the ability to necessarily think differently, and really encompass what all of our threat actors are really thinking about."
"So hiring people from different economic backgrounds, and from different social backgrounds and different racial backgrounds, and I think it's really important to bring everybody to the table because we can't put ourselves in other people's shoes,” she continued.