Kiersten Todt '94 is chief of staff at the Cybersecurity and Infrastructure Security Agency (CISA). Prior to her current role, she served as managing director of the Cyber Readiness Institute, a nonprofit she founded. Todt served in the federal government in 2016 as the executive director of President Obama’s independent bipartisan commission on enhancing national cybersecurity. She also previously worked for the U.S. Senate Committee on Homeland Security and Governmental Affairs.
She graduated from Princeton in 1994 with an undergraduate degree from the Woodrow Wilson School of Public and International Affairs (now SPIA) and earned a Master in Public Policy from the Harvard Kennedy school.
In this episode, she talks about the power of perseverance and being open to different career paths. She believes you can learn as much from failure and challenge as you do from successes. CISA is also hiring, and Kiersten wants to hear from you! Email her.
Todt and Jen Easterly of SPIA will visit Princeton on March 17. Learn more about their visit.
Q: What initially drove your focus on cybersecurity? What keeps you interested in it today?
Todt: I had a unique opportunity when I was on a fellowship in the federal government after graduate school. I’m from Connecticut, and I was working for my senator at the time, Sen. Joe Lieberman. Sen. Lieberman became chair of the Senate of the Governmental Affairs Committee, which he asked me to work on. The first assignment I had was to do a hearing on critical infrastructure protection, which was scheduled for Sept. 12, 2001. At the time, I didn't know what critical infrastructure protection was, so I spent July and August researching it. And then 9/11 happened. In that hearing, Sen. Lieberman turned to those of us that had been working on it and said: “You should have a Department of Homeland Security.” This was before that word was even commonplace. That flipped me into this space. Before that, I was working on urban development initiatives, economic development initiatives, and it was about seizing the opportunity to serve in that moment.
Q: In what ways has cybersecurity changed since you began your career?
Todt: That is what is interesting now having been in this space for over 20 years. At the time, we were talking about how much of a role is cybersecurity would have. It was nestled in this one space with technology and innovation. But we were talking about the convergence of cyber and physical systems as an idea, not as actual reality. When you think about the pace of innovation, the pace of research and development in this time, everything has just accelerated exponentially. If you had asked me in September 2001 where I thought the space was going, I could not have predicted what’s happened and how quickly.
Q: In your work, what current project or initiative are you most excited about?
Todt: CISA is a unique agency. It’s the newest agency in the federal government and was launched in 2018. The way that I look at CISA is in three buckets. How is CISA going to build out its internal workforce? We are the workforce to handle cyber and infrastructure security for the nation. How do we work with the federal government agencies? Our mission is to secure the .gov, the federal government network, the civilian network. The third piece is how we work with industry partners because we are responsible for helping to protect the nation’s critical infrastructure, but over 90% of critical infrastructure is owned and operated by the private sector. We must partner with industry in order to be able to protect what that infrastructure is.
Another key piece to the workforce is recruiting and retaining talent, but importantly, bringing in a diverse workforce. That’s not just cultural and gender. It's thinking about neurodiversity, diversity of thinking, and background. Cybersecurity is so much about solving problems and building solutions. The most effective way to do that is not just through math and science, but to have experts in sociology, psychology, history, economics, all those elements. Building out that workforce is our number one priority.
Q: What is one of the biggest challenges that the U.S. is facing in the realm of cybersecurity?
Todt: One of the biggest challenges is helping everybody understand their role in cybersecurity. In 2016, I had the opportunity to serve as executive director of President Obama’s commission on cybersecurity. Following that work, we started a nonprofit, and I launched it with the CEOs of large companies like MasterCard and Microsoft, to look at the role of human behavior in cybersecurity to help small businesses improve their cybersecurity. If we look at supply chain security, small businesses are such a critical component of our supply chains. Small businesses make up a lot of our economy, but they often don’t have the resources to invest in cybersecurity because cybersecurity became a budget line item in the last decade. If you can focus on human behavior when it comes to security, thinking about password security, patch updates — things like that — then human beings can be a force multiplier. The analogy that we make is thinking about driving a car. You don’t need to be an auto mechanic to drive a car, but you know that you need to keep air in the tires and to check the oil. Cybersecurity is similar. The objective is to help every individual understand that they have a responsibility to do the basics in cyber. It’s not a science and engineering issue. It’s not something you delegate to the IT person. You have to own that responsibility in order for us as a nation and a world to raise the baseline level of security across our infrastructure.
One of the things we’re focusing on is working with citizens to help them understand cybersecurity. One of the basic efforts that everybody can take is to do multifactor authentication. If everybody could enable multifactor authentication, the statistic by tech companies like Microsoft says that we'd eliminate over 99% of the breaches today. We’re looking at a public awareness campaign, partnering with companies like Apple and others to get out the message about multifactor and to eliminate single factor authentication by 2025.
Q: In what ways do you think the U.S. is doing well in the cybersecurity space?
Todt: For the first time, we're seeing a coalition of like-minded individuals, organizations, and institutions say cybersecurity is a priority, and it’s greater than any individual responsibility or authority. You’re seeing bipartisan support for cyber. It’s a non-political issue. You’re seeing the federal agencies come around to say: We have to work together, and you’re seeing industry want to work with government and vice versa, recognizing that we’re not going to tackle this problem as any one entity, but that we will tackle it together. Chris Inglis, who’s the national cyber director in the White House, often says, “In order to beat one of us, you have to beat all of us.” It’s the concept that together we will always be stronger. What we say at CISA is that cyber is a team sport, and we have to come together. Right now, there’s awareness and that mindset for the greater good that we’ve not really seen in the same way before.
Q: In what ways did the Princeton School of Public and International Affairs prepare you for your career?
Todt: One of the fascinating ways Princeton prepared us for the service space was the interdisciplinary approach to problem solving. It’s important to look at how different disciplines can feed into one’s ability to solve a problem. I remember putting together the coursework at Princeton: a class in sociology, a class in economics, a class in politics, and history. That interdisciplinary approach to problem solving has been critical. It was an important piece of my education, but has been critical to my whole career because it has always encouraged me to not just think in my expertise or my aptitudes, but to think what part of this problem am I not seeing? Or what aptitude or capability am I missing? I may not be able to offer it, but who should I talk to? Where should I go to fill in that gap to look at this problem much more holistically? I feel confident that was a direct result of having to build out my curriculum in order to graduate from the School, along with the thesis and the professors.
Q: Over the course of your career, what are the most important skills/strategies you’ve learned?
Todt: In your career, you are going to come across things that you are interested in that you may not have identified. It’s important to be open to where the environment and where your interests will lead you — even when they’re unfamiliar. Working in the Senate and 9/11 was a great example because if you had told me that I was going to be in national security, I would’ve probably said no because of what I thought I wanted to do and how I wanted to have impact. But being open to where that career path guided me in a very different way and took me on a journey that was not linear at all. It gave me a complexity and a broader depth of substance than I ever would’ve had if I had stuck with a linear path. Ambition often has a linear expectation. But you have to be open to the unknown and where the journey can take you and be comfortable with things not working out. You learn as much from failure and challenge or things that push you to a different place as you do from the successes that you have.
Q: What initially drew you to service, and what keeps you in that space?
Todt: The journey was interesting after my freshman year in college at Princeton. I cold called the governor’s office in Connecticut and introduced myself and my interests. By a bizarre set of circumstances, the chief of staff to the governor had an executive assistant who was going to be gone for three weeks. He asked me to fill that role for three weeks. It was during the time that Connecticut instituted its first income tax. We were up all night with a legislature. I fell in love with that idea of service and seeing the impact right in your communities of your actions, both your successes and the failures. The next summer I worked the whole summer there.
You commit to the service, and you know when you’re there that it’s important to you. What was fascinating for me about taking this job is that it felt like coming home. I felt so comfortable being back in service because of that idea of contributing to something bigger than yourself to try to make an impact. It’s the fulfillment and how you look at wanting to make something better that’s important. That’s one of the things that has struck me about the workforce here is how mission oriented everybody is and how they prioritize service.
Q: What you think it takes to be a good leader in today’s climate?
Todt: It’s about identifying both a problem and your idea for a solution and then bringing together the resources. It’s always knowing what you are good at and where you need support and where others have skills and capabilities and integrating all of that. It’s often breaking down the complexity of an issue and focusing on what you want to achieve. What are the concrete outcomes to get to that place, recognizing that there’ll be milestones? The goal may take many milestones throughout the journey, but if you look at your progress and give yourself concrete metrics for success, then you can guide yourself on that journey. That perseverance becomes critical.
Q: How can young people entering the workforce be successful?
Todt: I would identify the positions students are interested in or people who have those roles. I’m a believer in calling and asking questions and finding out how to get there. Persevere if you have one bad call. There are so many jobs, and everybody is looking to build out the younger workforce in these roles. The opportunities are out there. It just requires a little bit of work. If you see people who are in these positions or if you come across somebody who you connect with, ask them for their advice, ask them to recommend people with whom you should speak, and be patient in that process.
#Changemakers is a Q&A (and sometimes podcast) series featuring the many Princeton SPIA alumni who built up their policy toolkits at Princeton and went on to change their communities. The series is produced, hosted, and edited by B. Rose Huber, director of communications and senior writer at SPIA.