Roberta (Bobbie) Stempfley, managing director of the CERT Division of the Software Engineering Institute at Carnegie Mellon University
While she acknowledges she's worked at great places throughout her 20-plus years in the security industry, it hasn't been an easy road for Bobbie Stempfley. She has had to fight to have her voice heard – over and over, she once told an interviewer.
"I've learned to persevere and be stubborn, and not judge people too harshly when they make a mistake," she says graciously.
And, her efforts have bolstered support of public interests concerning cybersecurity. In more than two decades of experience at the Department of Defense, the Department of Homeland Security and as director of cyber strategy implementation at The MITRE Corporation, she has led strategy efforts and helped organizations – whether government or private sector – evolve their comprehension of the junction between strategy, policy and technology.
Her mission at MITRE was improving the technology used every day and applying it to government services. Her positive attitude and good cheer came through in her public statements about how she faced the challenge of improving the government's efforts in delivering services to improve efficiencies and streamline efforts. It also comes through in how she speaks about bringing different individuals together from various disciplines to iron out problems. Indeed, her willingness to consider varying viewpoints – what's she's called a "diversity of thought" – propels efficiencies and advancements.
As far back as 2011, during her five-year stint at DHS, her efforts to educate small and midsized businesses so they could evolve their cybersecurity plans to better protect themselves, their employees and their customers, were proving effective and ensuring changes. She made certain to promote resources available for cybersecurity protections connecting the private sector with resources being offered by federal partners to the DHS, including the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC).
But, with a move this year to become managing director of the CERT Division of the Software Engineering Institute at Carnegie Mellon University, she says her greatest accomplishment this year has been focusing on bringing technical and policy aspects together. "We've long been trying to solve the cyber issue as though there is a right answer, but really there are many answers because there are many questions."
She has been acutely focused on two things, she says. "The first is engaging on the false choice between security and innovation. The technology is and must evolve quickly, and security technology and concepts should not be pacing factors in this evolution. Both are necessary, and it is possible to have both."
The second aspect is continued focus on the workforce. "Not just focusing on growing more skilled individuals, but recognizing that what we also need is more diversity in this field. We need deeply technical individuals, we need individuals who think like the adversary, we need anthropologists who understand how humans function, etc. We need to increase the participation of women and underrepresented minorities.”
And, she carries her advocacy to draw more women and underrepresented minorities into the STEM workforce, cyber in particular, with her work on the board of the Cyber Diversity Foundation. She serves too on the board of the Armed Forces Enterprise Infrastructure, as well as on the Global Cyber Alliance Technical Advisory Committee.
When she first started in the field, she was regularly mistaken for the administrative support in the office, she says. "I remember vividly a piece of advice given to me by a senior engineer at one of my first jobs. He warned me about admitting I knew how to type for fear I'd be responsible for typing up everyone's work. I was grateful for the advice and took it to heart."
Unfortunately, she adds, some version of this happens at many levels. She points to a recent example where a colleague questioned whether she was the right person because an interview was on a technical topic. "In this field, the challenges facing women include recognition of technical skills, and of leadership skills, but it is further exacerbated by male-dominated rhetoric (battle metaphors, teenager in a hoodie) and associated stereotypes. It takes a great deal of perseverance, a willingness to be firm, some thick skin, self-confidence and humility, and a sense of humor to be successful. And a willingness to expect a great deal from yourself and the men and women around you."
She credits a number of mentors who, she says, have been very important to her path and who she continue to leverage. She singles out Dawn Meyerriecks, Jane Holl Lute, Bruce McConnell, Harry Raduege, and Betsy Hight. "I also rely on reverse mentoring to ensure that I'm not only pushing myself, but I get a clear view of what is happening from all different perspectives in an organization. Anyone who will be truthful with you and will help you see yourself and the situation clearly is very useful."
She adds that she takes the most pride in watching those she has mentored, led or encouraged succeed in the face of the challenges inherent in this domain – whether it be helping someone find the right role for their skills and watching them bloom, working through a technical challenge that seemed insurmountable, scoping and executing research as of people as they work on the graduate degrees, or seeing someone take on a stretch assignment when the opportunity presents itself and growing. "Taking that time to help support others, women and men, has just grown the talent available," Stempfley says.
From 2010 to 2015, she was deputy assistant secretary in the office of cybersecurity and communications at the U.S. Department of Homeland Security, and before that she was CIO at The Defense Information Systems Agency.
Andy Ozment, the DHS assistant secretary for cybersecurity and communications (CS&C), at the time Stempfley was there, commented at her leaving: “From my vantage point at the White House during those four years, I watched CS&C grow dramatically in size and capability. Bobbie deserves much of the credit for that evolution." He credited her with shepherding the department through numerous reorganizations, her expanding CS&C's role in the federal cyber mission, her strengthening of the CS&C's emergency communications mission capability, and her success in advocating for an increased budget for CS&C each year, despite the austere budget environment.
In March 2017, Stempfley was named to CyberScoop's inaugural list of 2017 Top Women in Cybersecurity for her work to improve collaboration and information sharing within government and the private sector.
Stempfley has a B.S. in engineering mathematics from the University of Arizona and an M.S. in computer science from James Madison. – GM