A Cyber Career Rooted in Public ServiceJuly 2016
What type of education makes a good cybersecurity engineer? A diverse one, according to MITRE's Sarah Weeks. "You definitely need strong computer science skills. But I also think you need a passion for solving complex problems."
Weeks would know since she has a liberal arts bachelor's degree and a master's degree in computer science. She believes having some psychology coursework helps, too. "The human element is one of the most challenging aspects of cybersecurity. It's unpredictable and a difficult aspect to address when you're looking to mitigate threats."
Weeks is both a MITRE cybersecurity engineer and a CyberCorps® alumna of the National Science Foundation’s Scholarship for Service program. Her current work supports the MITRE-operated National Cybersecurity FFRDC, which is sponsored by the Department of Commerce and the National Institute of Standards and Technology (NIST).
Guiding Industry Toward Better Cyber Solutions
MITRE works with NIST's National Cybersecurity Center of Excellence (NCCoE) in publishing practice guides that focus on many cybersecurity challenges that cross industries and sectors. The guides address technology gaps and provide practical, standards-based recommendations.
For her first major project, Weeks helped develop the practice guide Attribute Based Access Control (ABAC). "Fundamentally, many cybersecurity problems come down to identity or access control. That makes ABAC an area that interests multiple industries."
The ABAC guide provides an example solution for managing access rights within and across enterprises; the solution uses readily available commercial and open-source technologies.
The ABAC guide arrives at a good time. The adoption of chip credit cards now makes it more difficult to perpetrate fraud at the point of sale. As a result, a lot of fraud targets e-commerce. One of the best ways to prevent fraud online is through multifactor authentication, such as a combination of a password and a fingerprint. Also, other personal data is increasingly valuable in dark markets. Securing sensitive data both protects consumer privacy and prevents fraud losses.
Weeks is hard at work on retail industry-specific projects that address the implementation of multifactor authentication for online commerce and for securing non-credit card, sensitive consumer data. These projects are in a preliminary phase but ultimately could result in another practice guide.
Developing a practice guide usually takes about nine months from start to finish. "The result is a guide that describes the problem, why it's important, how we addressed it, what standards and technologies we used, and a how-to guide so others can implement the solution," Weeks says. All the published guides are downloadable from the NCCoE site.
Building Ties with the Academic Cyber Community
Weeks was new to MITRE in March 2015 when her department head asked her if she would lead the cyber intern program at the Rockville site. She didn't hesitate to accept.
"I had experience as a student leader," she says. "That background helped me mentor the interns over the summer, making sure they were engaged and learning."
Two of last summer's interns are coming back as full-time staff after graduation, and another will return as an intern this summer.
With one successful summer intern program under her belt, Weeks began planning for the following year. She researched cybersecurity degree programs and schools with Scholarship for Service programs.
"As a former Scholarship for Service student myself, I know that MITRE's mission to work in the public interest aligns well with the goals of the program," she says. NSF collaborated with the Office of Personnel Management and the Department of Homeland Security to create the Scholarship for Service program to encourage students interested in serving the public and protecting the government's critical infrastructure, particularly in cyberspace.
"So I visited a lot of schools and built relationships within academia. This year we're going to have 11 interns at the Rockville site." MITRE hosts cybersecurity interns in other company locations as well.
Many Options to Make a Positive Impact
"At MITRE we work on challenging problems—really important issues that affect national security," Weeks says. "I find it extremely rewarding."
She also knows MITRE encourages our staff to expand their skills and tackle new challenges. "While I like working on the example cybersecurity solutions and practice guides, I'm passionate about continuing to grow my software development skills. I like knowing that many other kinds of work are available here and that I have the option to pursue it.
"Plus, having the opportunity to do such meaningful work in a collaborative and flexible environment, while maintaining a healthy work-life balance, is important to me."
—by Kay M. Upham
Join our community of innovators, learners, knowledge-sharers, and risk-takers: View Job Openings.