A policy community that often lacks technical experience needs people with cybersecurity backgrounds, as recent calls for assistance have shown. Tarah Wheeler is here to tell you, that transition is tough.
“Sometimes I feel like I have a garden trowel and I'm digging that path myself. I know a couple of other people who have done it: Alan Friedman, Bruce Schneier. But it's incredibly difficult,” says Wheeler, cybersecurity policy fellow at New America.
Click here for complete coverage of SC Media's 2020 Women in IT Security
Groups like TechCongress are working on placing technologists in the House and Senate and the Aspen Institute recently started a policy incubator for infosec rank and file. The fallout from a lack of hands-on experience in the policy community does occasionally rear it's ugly head on the Hill – with Congress seemingly always one step behind the threat.
Wheeler has stood on both sides of the fence. She’s a mainstay of the security community who’s held high ranking security roles at Symantec and Splunk and is a fixture of the hacker conference circuit.
At the same time, she also wrote the book on the systemic problems facing women in tech. “Women in Tech” is a studied look at how industries like cybersecurity sort women out of the field.
One of the big problems according to Wheeler, who also sits on the advisory board of the Electronic Frontier Foundation and is a Belfor fellow at Harvard, is that tech and policy both place high premiums on experience. To be well esteemed for cybersecurity, practitioners must spend sleepless decades at cybersecurity. Likewise, to be well-esteemed for policy, practitioners must spend sleepless decades at policy.
“To be a bridge between the two, it seems like you would have to be bad at both,” she said. “There's no time to be world-class in both technology and policy.”
And moving between the two is poorly funded at best. Many of her policy efforts – the fellowships at New America and Belfor and an advisory board position at EFF – are volunteer positions. The paid positions available for field-hardened experts aren’t better, she said. It’s tough to uproot a senior engineering life in one city for a junior policy analyst job in San Francisco.
Unique confluence of events has given her the opportunity to right now focus on policy without some of the drawbacks. Her last role as a senior director at Splunk came to a natural conclusion in the summer of 2019, after she automated her job into oblivion. That left time for a Fulbright fellowship that’s currently delayed due to COVID.
Wheeler will be studying how cyberwarfare fits into our current understanding of war crimes by attempting to quantify the damage from the state-sponsored faux ransomware Wannacry that disrupted the British National Health service.
“The path to go from technology to policy is not a well-formed one; it is often overgrown with much vegetation and filled with angry animals,” she says.