Lindsley Boiney
Decisions, Decisions: A Cyber Expert Cuts Through Information Overload
In honor of Women’s History Month, we’re highlighting MITRE technical experts who’ve worked here for more than 20 years. Many of these pioneering women have helped establish standards that the cybersecurity community follows throughout the world.
Decision making is hard under the best of circumstances. Now, imagine having to make choices in a fast-moving environment under time pressure, with people’s lives depending on your calls.
Lucky for those in the hot seat, Lindsley Boiney, Ph.D.—an expert in decision sciences—has spent the last 20 years supporting such efforts. She uses technology and data to help high-stakes decision makers hone their craft.
Early in her tenure at MITRE, Boiney was part of a research team that visited an Air Force operations center in Las Vegas to observe warfighters participating in a time-sensitive targeting live-fly simulation exercise.
Before engaging a target, our military’s operators rely on an influx of intel to make dozens of real-time judgments. Where are our blue forces (i.e., the U.S. and our allies) and their assets? Where can we confidently identify adversary assets, and which ones pose the greatest risk? As personnel rush to paint the full picture, information pours in through dozens of displays and chat windows across a wall of screens.
“People in high-intensity environments don’t always fully understand what they need,” she explains, noting that the operators initially requested additional screens to fit more chat windows.
In this scenario, the team identified human attention as the scarce resource. They stepped back and asked themselves: “Do we really want to give more screens to individuals who are already inundated with data?”
Instead, they designed and built the Dynamic Chat Manager, a tool that notifies users when specific chat rooms get a sudden uptick in activity, or comments from key personnel. It boosts more substantive intel to the top of the queue.
Applying Decision Sciences to Cybersecurity
Boiney’s MITRE journey, which began in 2002, was a far cry from her previous job as a professor. After completing a doctorate in decision sciences at Duke University, she spent a decade teaching Executive MBA candidates, first at George Mason University’s School of Business and later at Pepperdine University’s Graziadio School of Business.
She loved engaging in a classroom setting and conducting research, but the prospect of working on problems of national importance was hard to pass up.
At MITRE, she became enthralled by the high-stakes, time-sensitive, and uncertain environments that cyber defenders inhabit.
Whether you’re in the middle of a military operation or protecting networks from attacks—a holistic, well-informed perspective is essential.
Once again, she found herself sitting behind analysts as they worked, except this time it was information security cyber experts. Amid multiple displays providing alerts and notifications of potential anomalies, analysts work individually and collaboratively to separate the signal from the noise and identify events needing immediate attention.
These intense environments, where technology and human decision making converged, appealed to Boiney’s expertise: “I was hooked,” she says.
Cyber Solutions Require People, Process, and Technology to Align
The further Boiney delved into the cyber universe—both internally at MITRE and with sponsors from the Department of Defense (DoD) and Intelligence Community—the more she became fascinated with the interplay among people, processes, and technology.
As she familiarized herself with diverse cybersecurity operations centers, Boiney sought to understand and address their varying maturity levels. She was inspired to consider a methodology that could prompt all organizations, large and small, to identify strengths and weaknesses in their cybersecurity efforts.
She and her team developed the Cyber Operations Rapid Assessment (CORA) through MITRE’s independent research program. In contrast to onerous and expensive assessments, CORA helps security operations centers quickly determine where to focus attention and resources to improve their cyber defense capabilities.
“We also wanted to explicitly bring in the people and the process side of cyber capabilities, as well as the technology,” Boiney says of the “lightweight methodology,” which incorporates a tailored survey/interview approach. “It’s another one of those places where technology alone is not going to cut it.”
CORA applies to all cybersecurity operations centers regardless of size, mission, and capability level. Word spread, and the assessment has since been used by more than 40 organizations, ranging from the DoD to private healthcare companies.
Organizations can also bolster their security by participating in regional or industry-specific collaboratives to exchange tips and best practices with others facing similar cyber challenges. “It’s critical that they look beyond their own systems, and learn about the greater threat landscape to get ahead of the game,” Boiney says.
One lesson learned from CORA engagements was that information sharing can be hampered when some group members have more advanced cyber capabilities than others.
To meet this challenge, Boiney and colleagues designed a framework called Trust and Value in Information Sharing. It describes how organizations with different cyber maturity levels can exchange information in appropriate ways, so that everyone brings value, trust is established, and all parties benefit
Women Offer Holistic Cyber Perspectives
Boiney notes a striking difference in her current position compared to her early career. She remembers being the only female in her Ph.D. program and later as a decision sciences professor.
That changed dramatically when she moved into cybersecurity at MITRE. “I’ve been fortunate to have so many great female colleagues as well as mentors and leaders here in cyber,” she says. “It’s been wonderful.”
She also appreciates how, over the years, she’s had opportunities to build on her original expertise and apply it to new domains, such as cybersecurity—all at the same company.
Her advice to up-and-coming cyber professionals, both female and male: “When an organization asks: ‘What do we need?’ The knee jerk reaction is to suggest the sexiest tool of the day. But, for example, many issues can be solved largely by sharing information more effectively, or by helping people find salient details within the noise.”
“This is true across many challenges. Whether you’re in the middle of a military operation or protecting networks from attacks—a holistic, well-informed perspective is essential.”
Join our community of innovators, learners, knowledge-sharers, and risk takers. View our Job Openings.