Washington is full of leaders that promise and pontificate...but don't deliver. Phyllis Schneck, deputy under secretary for cybersecurity for the National Protection and Programs Directorate (NPPD), the chief cybersecurity official for the U.S. Department of Homeland Security (DHS), clearly is not one of them.“She is deliverable-oriented, thoughtful in her delivery and always does the right thing,” says William Pelgrin, CEO at the Center for Internet Security, a nonprofit focused on enhancing cybersecurity readiness that works with DHS on a number of initiatives.
Pelgrin, who has known Schneck for more than a decade, explains that, unlike some leaders, Schneck doesn't set out to “get her way” when it comes to finding and implementing solutions to cybersecurity issues. “She believes it's more important to get it right,” he says, adding that she is particularly adept at presenting “deliverables in a concrete way to improve our cybersecurity position going forward in a new day and age.”
That's a sentiment that Schneck herself echoes. “I'm charged with that vision,” she says. But, it's a task made more difficult because of the duality of her agency's mission. DHS has the Herculean task of looking at both the private and public sectors,” says Pelgrin. Or as Schneck explains, “we work for the government but serve the private sector.”
State of the Union
Michael Kaiser, executive director at the National Cyber Security Alliance
Ed Lowery, special agent in charge of the criminal investigative division in the United States Secret Service.
William Pelgrin, CEO, Center for Internet Security
Phyllis Schneck, deputy under secretary for cybersecurity for the National Protection and Programs Directorate (NPPD), the chief cybersecurity official for the U.S. Department of Homeland Security (DHS)
However, if anyone has the background to straddle the two sectors without sacrificing the service to either, it is Schneck.
She holds a Ph.D. in computer science from Georgia Tech, though her education in computer science started much earlier than that. As she likes to tell it, her father sparked her interest in computer science and stoked her nascent talent when she was just three years old.
And her résumé includes stints in various information science technical positions at numerous organizations, including CSC (Computer Sciences Corporation), IBM Systems Integration Division, NASA Goddard Space Flight Center and the University of Maryland's Department of Meteorology.
Schneck was vice president of corporate strategy for SecureWorks and was founder and chief executive officer of real-time security technology provider Avalon Communications, which was eventually acquired by SecureWorks. She also served as vice president of enterprise services for eCommSecurity, eventually landing at McAfee, where she was chief technology officer for global public sector, responsible for the technical vision for products and service, as well as global threat intelligence, industrial control system security and telecom strategy.
Further, she has worked closely with the FBI, sitting for eight years as chair of the agency's InfraGard program.
But, perhaps more importantly, she knows how to use her extensive and rich experience to get the job done. Schneck draws on her education, intellect and what Pelgrin calls her “uncanny” instinct to drive cybersecurity initiatives.
And that's at least part of the reason that DHS has continued to grow more nimble and quicker to respond.
There's an overall realization “we can't do it alone,” says Pelgrin (right).
When SC Magazine first spoke with Phyllis Schneck, shortly after she left her CTO position at McAfee and joined the Homeland Security team in September 2013, she had already set a few significant goals, lofty but, she believed, doable: Make DHS more nimble and responsive, raise awareness of cybersecurity across the board from government down to the consumer, and stimulate the dialog and collaboration between government and the private sector on everything from sharing threat information to developing innovative solutions.
We caught up with her again this fall, a day after she completed what she calls “a very transitional year in cybersecurity,” one that has been marked not only by changes at DHS but by high-profile breaches at retailers Target, Michaels, eBay and, more recently, Home Depot. As well, cyberespionage campaigns and assaults on government systems from nation-states, the rise of malware, and the takedown of Cryptolocker Gameover Zeus have been top challenges for security personnel.
“My top three priorities are building trust with stakeholders, raising situational awareness and leveraging the cybersecurity framework and fulfilling the President's Executive Order 13636 [to improve critical infrastructure],” Schneck says.