Cybersecurity Is National Security
On this week’s show, we welcome back Lauren Zabierek. The last time she joined us, she was a senior intelligence analyst at Recorded Future, but she’s since taken on the role of director of the cybersecurity project at Harvard’s Belfer Center. She shares the mission of her organization, the role she thinks it has to play on the national and international stage, and why making sure everyone has a seat at the table leads to better, safer outcomes.
This podcast was produced in partnership with the CyberWire.
For those of you who’d prefer to read, here’s the transcript:
This is Recorded Future, inside threat intelligence for cybersecurity.
Hello everyone, and welcome to episode 129 of the Recorded Future podcast. I'm Dave Bittner from the CyberWire.
On this week's show we welcome back Lauren Zabierek. Last time she joined us, she was a senior intelligence analyst at Recorded Future, but she's since taken on the role of director of the cybersecurity project at Harvard's Belfer Center. She shares the mission of her organization, the role she thinks it has to play on the national and international stage, and why making sure everyone has a seat at the table leads to better, safer outcomes. Stay with us.
So, the Belfer Center is short for the Belfer Center for Science and International Affairs and it's really a university think tank where we focus on far reaching issues, both technologically and with the application in international affairs. So, looking at a lot of issues. Cybersecurity is just one of those portfolios.
Within this arena, I have responsibility for more of a broader look at cybersecurity, and then Juliet looks at the China cyber policy aspect of it. My colleague Maria runs the Defending Digital Democracy project and that really focuses on tools and legislation for election security. Not only the hard kind of security aspects of that, but also looking at the disinformation piece too.
Other projects in the Belfer Center are looking at the Future of Diplomacy, Technology and Public Purpose. We have a Russia Matters project. So, the different projects really span the gamut of really thorny international security and affairs issues, but also looking at these emerging technologies in science.
How does the information you gather and the reports that you generate, how do those get spread out into the world and who consumes them?
We have an excellent communications team at the Belfer Center, run by Josh Burek. This being a university think tank, we have a lot of students that work on these projects. They do a lot of the research both with staff and with the faculty here. If you browse the Belfer Center website, you'll see a number of publications such as Belfer papers all the way up to some of the books that the faculty actually publish. We have a number of really amazing faculty here, which is really exciting.
Looking at Belfer papers, both short ones and long ones, as well as op-eds and journal articles, there's a journal here called International Security. They're pretty hard, or cross cutting. For instance, Eric Rosenbach and Shu Min just released this paper that is a really insightful look into China's three perspectives theory on the use of the internet. Looking at how those aspects differ between both countries, but also looking at finding areas of common interests. I definitely encourage you to check those products out.
In terms of the cybersecurity project itself, which you're the director of, where does that sit in the pecking order of things? I guess, where does cybersecurity rank in terms of, as you said, the thorny issues that we're dealing with internationally these days?
I think that it cuts across all of the issues. Because, obviously, traditionally a lot of our international affairs issues have played out in the physical realm. But now obviously we are seeing those grand, geopolitical and other international issues play out in the digital realm. We see aspects of all of the issues really that apply here. It's not only internationally, but also domestically. You've seen how complex a patchwork that our national or domestic cybersecurity landscape is. We seek to advise on policy and legislation in certain areas, but then also try to provide some tools as well for the practitioners on the front lines.
And so what is your day to day like? What types of things are you typically working on?
It varies. This last week I've been working hard on a speech that I'm going to be giving at an international security forum next week in Germany. I've been trying to work on that, but also we host events, so we do a lunchtime speaker series. Sometimes the preparation and execution of that will take priority. Often we'll have meetings with either notable figures or are really just people who are coming to the center to talk about these issues too. It really varies day to day.
You mentioned that the folks that work with you there, that your team, that the three of you ... It caught my eye that the three you are women and I'd hazard to say that it's unusual to have a team of folks in the cybersecurity lane where all of them are women. One of the things you and I have chatted about before is the importance of these opportunities for women in cybersecurity.
Absolutely. And it was not an accident, I think, that Eric chose all women to run these projects. He's very committed to advancing the role of women in these very serious and important security matters.
Through this process I've had a realization of our role here, or of women's roles in this industry. Especially because a lot of people are new, a lot of people do come to cybersecurity from doing other things in the past. One particular story that I think about is Julia Voo, who runs our China Cyber Policy Initiative, hosted a ... We're hosting a track two dialogue with the Chinese Institute for International and Strategic Studies, the CIISS, and within that track two we hosted a number of meetings, especially this past April. They also went over to China in August, as well, but I was actually able to take part in the meetings in April, and it really struck me when I saw that most of the people around the table were women, including the main POC on the Chinese side. She's a retired General.
And so, especially at one of those dinners, we sat around and we talked, obviously through an interpreter, but about personal issues. I think the fact that we were able to come together, talk about these issues, but also still be very personal and share some really shared experiences, I guess you could say in life. I felt enabled and empowered to ask certain questions, certain policy questions that were important to me. The General on that side said, "I can see that this issue is very important to you. And so I would like to keep this on the table to address later on."
That actually, I thought, was a really huge win for me as someone who is new to diplomacy. Having those common experiences, those shared experiences, to come to the table and feel that you're able to talk about very important issues together, I think was such a great example and really why we need more women in this industry. And that's not, again, just a female thing, but it just really struck me that it was mostly women around the table.
What I think about now is this industry, and especially in the policy arena, is so ripe for development. It needs more people, it needs more women here to talk about these issues. So, I like to say we need you, please try to work with us.
Yeah, that's a really interesting insight and it reminds me, we have a women in cybersecurity event that we hold each Fall, and shameless plug, Recorded Future has been a sponsor of. But one of the things I've heard is, this is an event that is primarily for women. I'm allowed to go but really just because I'm the host of the CyberWire. Otherwise it's basically women only. And what I've heard from the women who've attended is how much they appreciate that they feel as though they can have conversations that they could not have in more mixed environments.
That was a really interesting insight for me because what that provided me with was the knowledge to hang back, to where I would naturally try to insert myself into a conversation or a group of people. But the knowledge that I might be changing the type of conversation that could happen merely by my presence was an interesting insight for me. Certainly revealed some of my own inherent biases. Your description of this really reminds me of that in a way.
Yeah, I think so. I think when women are empowered to come to the table and actually have those discussions, then I think the outcomes are just that much stronger. I like to extrapolate this example, and I apologize if this is getting a little bit off tangent, but taking this example and really, again, extrapolating it to the larger piece of national security. When we don't have women at the table making very important decisions, I think we all suffer. And so, I was recently asked, "Well, why do we need groups like this? Why do we need groups that are really focused on empowering women or talking about these issues?" And my answer to that is, "There are very specific challenges that we face."
Recently I did a paper on looking at the issue of maternity leave in the intelligence community. And what I found was hiring was on par between men and women, especially in the early stages of their career. But in the mid-career ranks, the number of women sharply dropped. And so what that means is the number of women in leadership roles is much lower than that of men. Because obviously if you're losing all these women in those mid-career ranks, then not a lot of women will be advancing. And so you have this situation where you just don't have a lot of women at the table to make those really important decisions. And as such, I think national security as a whole suffers, basically.
So, it really comes down to some really practical issues. Things like paid maternity or paid family leave that really help women feel supported and enable them to advance in their career.
What is your advice for those women who want a seat at the table, either coming up through school or perhaps someone who's thinking about a mid-career shift, what sort of tips would you have for them?
My advice for women who might feel intimidated or might feel that they don't have a seat at that table is to tell them that you absolutely do, you absolutely belong there. And now there are a number of organizations that really seek to promote that aspect. So, getting women sponsorship and mentorship and resources and things like that didn't really exist back when I was coming up through the ranks.
I think I talked about this in our last podcast, but there was a time in my life when I was going to Georgetown and I took this class on women in national security and leadership. I had never really taken anything like that before, I never really had even thought about these issues. The professor there, who's now a very good friend of mine, her whole, I guess, central thesis here was that our innate skills and attributes and qualities, I think where in the past we were told that they weren't right for this world, are actually very important, and that we should bring our full selves to these issues. Things like vulnerability, for instance. Those are really important aspects for the conduct of national security.
I think reading certain things, reading certain books and talking to people, I think it's very important to do that. And reaching out to people. So, like I said, these networking groups that have popped up in the last couple of years, such as the NatSecGirlSquad, such as a group called Command After Next, which is run by my friend Jacqueline Tame. These are organizations that seek to provide that mentorship and those networking opportunities for women who are interested in this space but also have those feelings of maybe imposter syndrome, or feeling those challenges as a woman or even as a mother. I would definitely recommend seeking those out, having that networking, that comradery, if you will.
I guess, the opportunities are growing and there's more opportunities for mentorship than ever before.
I hesitate to say that. I didn't really have too much of that as I was coming up through the ranks and that really inspired me to want to create something like that at the agency where I was working. And then later when I went to Recorded Future, we started a women's mentorship initiative there, and that's continuing to this day, which I'm quite proud of.
My central theme for this year, in the cyber project, is Cybersecurity Is National Security. And I felt that I was recently validated because we went down to the CISA Summit last week and the Acting Secretary of DHS actually said in his remarks, “Cybersecurity is Homeland security.” So I thought that was really interesting, but I-
You jolted up in your seat and had a big smile on your face, right?
Exactly. I did. Yeah. I actually put that on our Instagram. And if I could plug that, we have an unofficial Instagram for my team here, it's called the_cyberdreamteam. And that is myself, Juliet, and Maria. Just looking at all the crazy things that we're doing here in our quest to influence cyber and digital legislation and policy.
That's why I talk about the women in national security piece because cybersecurity is national security and therefore these issues all are quite important. Everything from workforce development, capacity building, for instance, but also personal cybersecurity. And then again, looking at the patchwork of organizations, laws, actors, et cetera, within the United States, and then further throughout the world. I think these issues are also interdependent. It's really such a complex ball of issues, if you will. They all feed off of each other. Especially with that women piece, that I think is really important to address.
Our thanks to Lauren Zabierek from the cybersecurity project at Harvard's Belfer Center for joining us.
Don't forget to sign up for the Recorded Future Cyber Daily email, where every day you'll receive the top results for trending technical indicators that are crossing the web, cyber news, targeted industries, threat actors, exploited vulnerabilities, malware, suspicious IP addresses, and much more. You can find that at recordedfuture.com/intel.
We hope you've enjoyed the show and that you'll subscribe and help spread the word among your colleagues and online. The Recorded Future podcast production team includes Coordinating Producer Monica Todros, Executive Producer Greg Barrette. The show is produced by the CyberWire, with Editor John Petrik, Executive Producer Peter Kilpe, and I'm Dave Bittner.
Thanks for listening.