Listen to the podcast here:
Business and security leaders are constantly challenged to change the way they approach cybersecurity and risk. How can the startup community contribute to that mission? Gamiel chats with Teresa Shea, Vice President of Cyber Offense and Defense Experts (CODEX) for Raytheon Intelligence & Space (RI&S). Teresa joined legacy Raytheon from In-Q-Tel, a not-for-profit strategic investment firm that invests in high-tech companies in support of the United States intelligence capability.
She joined In-Q-Tel after a distinguished 32-year career with the National Security Agency (NSA) where she held several key leadership assignments, culminating as the director of Signals Intelligence. Teresa has received numerous awards, including the President’s Distinguished Rank Award from former presidents George W. Bush and Barack Obama, the National Intelligence Distinguished Service Medal, the Central Intelligence Agency’s Donovan Award and the Department of Defense Medal for Distinguished Civilian Service.
Teresa grew up in Georgia and, when she graduated from high school, she really wanted to be a math teacher. But, having grown up poor, and realizing that math teachers weren’t making substantial money in Georgia at the time; she refocused her love for math on engineering. She earned a bachelor’s degree in electrical engineering at Georgia Tech, just 17 miles from her home. Engineering was not a typical focus for women of her generation.
“I had the great privilege of starting my career at the National Security Agency and really loved it. Every day you can see the difference you’re making in saving lives, informing policymakers and influencing major decisions. It was such a rewarding career and I would encourage anybody and everybody to consider doing a stint with the intelligence community or in our defense space.”
Cybersecurity and intelligence are male dominated fields, but Teresa made forays into her career with passion and persistence. She encourages other aspiring women to reach out to her for guidance and support.
“I’m interested in talking to individuals who are curious, persistent and who want to make a difference,” she said. “Cybersecurity is a constantly changing field, and you have to embrace the idea of being a lifelong learner, constantly ask questions and listen actively to the answers of others, because we all learn together and have to help each other and work together to really be successful.”
Learning from Variety of Roles
At the National Security Agency, Teresa was asked to take a position that was a real game changer for her—leading a group called Tailored Access Operations. NSA has two missions, Signals Intelligence focused on foreign adversaries and Information Assurance- now called Cybersecurity. Tailored Access was responsible for supporting the Signals Intelligence mission.
“My experience running Tailored Access was incredible. I knew at the time, that cyber was a growing field and that we were going to see increasing interconnectivity. And the attack surface will continue to expand with the speeds that new technologies, 5G [and 6G], will bring to this.”
“In the intelligence community, it’s hard to keep pace with what’s happening in the startup community and how to leverage incredible next generation technologies and apply them to our operational space. At the NSA, In-Q-Tel was the connector for us, especially in the startup world,” she said.
“I found that the startup community really wanted to support the national mission. When I retired from the NSA, the CEO of In-Q-Tel, Chris Darby, asked if I would run a cyber-reboot lab focused on cybersecurity. Having spent so much time on the offensive side, I was very aware of how vulnerable we are as a nation on the defensive side.”
I ran In-Q-Tel’s technology investments for about four years and got exposed to the great work that Mayfield and the other venture companies were doing to help apply new technologies to the mission every day.
Defense Agencies and their Acronyms
Teresa took a moment to describe the differences between the agencies in the defense space.
“The NSA mission is about signals intelligence—SIGINT: which is intelligence gathered from communications and electronic signals. They focus on foreign adversaries, so they don’t conduct operations in the U.S. The focus is all foreign. They are both a Department of Defense organization as well as an intelligence community organization. They are a combat support agency in DoD. They’re on the ground with the troops providing force protection in the form of intelligence.
The CIA is a human intelligence organization—HUMINT: which is intelligence gathered by spies on the ground working in very, very difficult foreign spaces providing HUMINT to policymakers in combination with the rest of the intelligence community.
Cyber Offense and Defense at Raytheon Technologies
“In-Q-Tel tried to get startup technology into the operational space, but the operational space within the intelligence community is largely operated by the big defense contractors of the world. I was on a technology advisory board for [legacy] Raytheon and understood their desire to leverage more of this cutting-edge technology. [Legacy] Raytheon hired me [in 2019] to help connect that tissue.
I knew their people within this group called Cyber Offense Defense Experts and knew how good-really good- they were at providing capabilities in reverse engineering, vulnerability research and exploitation. We wanted to focus on bringing those kinds of offensive capabilities to the defense.
For example, we’re currently developing a capability that takes the tools and techniques we use to do emulation, vulnerability research, and exploitation development in an automated fashion to your internal network so that you have a better defense. The goal is to, in real time, have an automated capability that identifies an attack, reverse engineers the malware, figures out how to apply and exploit that, and then stop it, with the goal of not bringing down any of your endpoints–your operation. But the only way we can do that is because we are so intimately familiar with how the offense works.”
Protecting our Cyber Lives
Teresa said that we should all be doing fundamental things to help protect our own cyber lives:
- Everyone needs to constantly try to protect themselves online;
- Don’t click on random links and attachments in emails when you don’t know the person sending them; and
- Back up your data in case there is a ransomware attack.
Everyone, says Teresa, is going to be touched by cyber in one way, shape or form.
“The larger worry for me is around our critical infrastructure and the threat of adversaries to take down our power grid for example. Look what just happened just with the natural weather disaster in Texas. Over 90% of our critical infrastructures are owned and operated by the private sector, and they’re all running a business. We have to work with them to help improve their security and defend against advanced, persistent threats.”
It has been reported that adversarial nation state actors have carried out recent attacks. These guys don’t have any rules. They’re well funded and very smart. It is somewhat of a free for all out there. And we just need to do everything we can to stop that.
Working with Startups
“Innovation has got to become a daily habit. Mayfield is leading the way here [with CXO], in my opinion. If you go back and look at post-World War II, the U.S. government was doing the majority of the innovation and making massive investments in research and development. That’s not the case any longer.
The real investment is coming from the venture community and from the large corporations. We saw that shift happen over time. And I give the U.S. government a lot of credit for some of the great innovations they’ve come out with. The commercial use of computers and electronics sparked the growth of venture capital, and Silicon Valley has played a large role in that. These investments in cutting edge technologies turned into some of the major technology firms we have today.”
Approaching the Intelligence Space
“Small companies do not have teams of lawyers and acquisition professionals. They are lean and mean, and their value is their intellectual property. It’s often not practical for small companies to go through all of the process and procedures to get the security clearances they need to talk to and work with the intelligence community. That’s where companies like Raytheon Technologies comes in to help make those connections. We get to know about the small companies and about the right place in the intelligence community space that they would best plug into.
The best way to do that is to have startups reach out to people like me, in these big companies, to help connect those dots. I’m passionate about making those connections and know that others are too. We have seen many success stories, so I think the process is improving. A few examples include:
We started with In-Q-Tel 20 years ago. Now, all of the major services have similar kinds of venture investment firms. The Army, for example, has Army Futures Command. They’re making investments in small emerging companies. Another example is the Defense Intelligence Unit which serves all of DoD. There are also a growing number of these examples in the Department of Defense and intelligence community.
There has also been a change in how acquisitions work. The Federal Acquisition Regulation (FAR) is a 500-page document of rules and processes that you have to follow to do an acquisition with the Department of Defense. Each arm of the Department of Defense, including the agencies like the National Security Agency, must follow this regulation. Recently, they have come out with some new authorities that allow them to do acquisitions in a more turnkey fashion. So, if you have a product, they can buy your product. I think there’s recognition that our startup community is a true national asset, both for speed and for scale.”
The Impact of the Pandemic on Women in Leadership
“I am gravely concerned about the impact this past year has had, especially on women in the workforce. Up through September of last year, 865,000 women were displaced, as opposed to 260,000 men. And the boundaries between work and home have smeared. [Many] support systems, including schools and daycares, are shut down. Women (and men) have to teach their children and care for them. My own daughter got out of the workforce because she needed to take care of her baby.
We have to help women get back in when they’re ready. We have to be aware that this time off is due to circumstances out of their control. I don’t have a magic button, but things are going to get better with vaccines rolling out. I can’t say when, but the support systems will come back online.”
- Take care of yourself. Take time to do whatever it is that you love to do every day, whether it’s exercise or just relaxing. It’s important to recharge ourselves so we can be there for others.
- Embrace lifelong learning and listening. You really have to do that in today’s world because things change so fast. I’m constantly trying to learn from and listen to others.
- Live a life of significance by really trying to make a difference for others. Staying true to the priorities and the values that I have and assuming noble intent by others has worked for me.
Join The CXO of the Future Community today: