Protecting the Global Digital Ecosystem with Heather King Westerman (M.S. in MIT ’18) of Cyber Threat Alliance

April 12, 2019

Article Image Group

Heather King Westerman

Heather King Westerman always thought she would have a career in communications.

The Chief Operating Officer of nonprofit Cyber Threat Alliance says that while communications was central to many of the positions earlier in her career, the events of 9/11 completely changed her perspective. Inspired with a new commitment to service, she became an active volunteer in her community, which led to a developing interest and eventual involvement in emergency management and homeland security.

Her experience in risk management grew, and Westerman took on positions of increasing responsibility with state and federal governments, participating in the review of scores of state and local emergency plans for community preparedness issues after Hurricane Katrina and working with the Federal Transit Administration (FTA) and Transportation Security Administration (TSA) on the Transit Watch Program—a precursor to “See Something, Say Something.”

After multiple roles with the Federal Emergency Management Agency (FEMA), she found herself working on the National Security Council staff on what Westerman calls “very challenging problems facing the nation.” And while her communications undergraduate degree from VCU and graduate studies in global security with Virginia Tech were useful for the many challenges of her exacting occupation, she desired a broader understanding about information technology that UVA McIntire’s M.S. in MIT Program offered in its convenient one-year format.

We spoke to Westerman about her success across multiple high-profile, high-pressure positions and how her experience at McIntire is helping her to meet her goals as COO of the Cyber Threat Alliance.

How did you go from working with the Virginia State Police while attending VCU to taking on positions at the White House and a senior role at the U.S. National Security Council?
While I’ve been very fortunate to be afforded some wonderful opportunities by mentors and people along the way who championed me, I’ve continued to press on myself to learn more, work hard, and be exposed to talented, phenomenal people. Furthermore, if I’ve learned anything during my career, emotional intelligence is so very important in all that I do. I have often relied on soft skills in meetings to pick up the unspoken aspects of a meeting and what the underlying tensions might be. This has been very important in all that I’ve done, and I now find that most people want those individuals with strong soft skills who can think more broadly while also being able to get things done.

Many of the positions you’ve held seem to have communication at their core: sharing information, integrating policies, and introducing frameworks between multiple agencies at the local, state, and federal levels; managing the development of national security decision-making processes; and building and managing programs, teams, multimillion dollar budgets. To what do you attribute your success in these complex roles? What did you learn from years employed in these deadline-driven, high-stakes jobs?
In terms of what I’ve learned over the years with deadline-driven, intense roles, more than anything, you truly understand and are able to ascertain what a true emergency is and what needs to be taken care of now versus later. You’re also able to ruthlessly prioritize as well as move very quickly across tasks. Further, in terms of what success might look like, communication is at the heart of everything I’ve done, whether in writing or orally. I’m constantly evolving my communications and trying to improve. That’s a constant work in progress, and I’m a strong believer that one can always improve. Moreover, my family has been a huge part of the “success” I’ve experienced—ultimately, a reflection of the support they’ve given me. And, finally, when I’ve been “successful,” it’s the result of high-performing teams I’ve had the privilege of being part of that think of the broader team and use simple words “we” versus “I” in their communications.

Is working in the White House as glamorous or as intensely dramatic as we all imagine it to be?
I don’t know if it’s necessarily glamorous. There are definitely some memorable moments. More than anything, it’s both a privilege and sacrifice. A privilege that you are working for the American people and on such hard problems confronting our nation alongside talented, hard-working individuals. And a sacrifice because you spend so much time away from your own family. There’s no other place like it in my mind. It offers the ability to have such a huge impact. But, it’s highly important to remain grounded and recognize that you occupy a position for a period of time, but that one day you will be looking outside of the gates again, looking back at the White House.

Let’s turn to your time at UVA. What initially drew you to apply to McIntire’s M.S. in MIT Program? What did you hope to get from it?
For me, I had decided I wanted to get back into an academic setting again after several intense years. While I had worked on cybersecurity and risk management issues, I was looking for a program that would afford me a broader view of information technology. Moreover, I liked that the program was one year, during which I could experience both the Charlottesville and NOVA campuses and feel connected to the University. I also appreciated that the program from beginning to end is very structured and organized: That fits well for busy working professionals who also have other demands, such as families. I wanted to better understand some of the broader perspectives of IT and business that I could then apply to my thinking and work.

How did the program ultimately augment or enhance your already deep skill set?
This program taught me strategy at its core—how to analyze a company, where it sits within an industry and among its competitors, and how to contribute to differentiating it among its peers to create real revenue and viability. I often hear people use the word “strategy,” an overly used word, and I’m often uncertain that they understand the word they are using. I did not know business strategy before UVA, and I now have the tools and knowledge to be able to talk business strategy with the best of them!

As you’ve held positions that entrusted you with some serious responsibilities, how were you able to balance your work life with pursuing the M.S. in MIT and being a mom of two? Can you speak about the flexibility of the program?
I have to give credit to my family for the wonderful support they’ve given me. For me to be leaving a tenure on the National Security Council team to then enroll in a full-time one-year program while working could have meant that my schedule would remain very grueling, and yet they supported me with pressing forward with the program. For me, I approached the program by doing the best I could while also taking care of myself. I typically did schoolwork during the weekday evenings and reserved one day on the weekend that I spent time with my family and for myself. Towards the last few months of the program, it was harder to do this, but I strived to keep that routine.

Notably, one of my children needed a significant surgery during the course of the program, and the faculty worked with me so that I could remain focused on my daughter’s surgery and recovery but still continue completing the program. I also had an executive meeting at one point during the program and participated remotely while I was on business travel. I found the faculty did everything they could to enable me while also being fair to the rest of my colleagues in the program.

How has what you’ve learned in the M.S. in MIT Program changed how you approach your current role as COO for the Cyber Threat Alliance? Have there been any direct applications?
Fortuitously, as soon as I was done with the program, I needed to collaborate with our team at work on an industry analysis and business strategy. I put the knowledge and experience gained from the program immediately to use. It’s been enormously helpful, particularly to be properly trained and taught on business strategy, since a lot of my prior experience had been in government.

What have you found to be the most surprising aspect of your work in cybersecurity?
Three things. First, it’s all about risk management and what a person or organization’s tolerance is for the level of risk they are willing to accept. Second, as in any emergency, the first reports of a cyber incident are going to be wrong—they just will be. Third, as a friend of mine says, “Don’t confuse evil with stupid.” We are all still human, and as a result, an incident could be the result of human error.

What are you hoping to achieve at the Cyber Threat Alliance going forward? How do you imagine that the M.S. in MIT and the connections you’ve made through the class might support any of your future professional goals?
I’m hoping we will continue to grow the membership of the Alliance, thereby increasing the amount, depth, and breadth of data that’s shared, ultimately, to increase the security for everyone who uses the internet. I’ve remained in touch with some of my colleagues in the program. Our cohort was and is a strong community, and I’m grateful to be able to reach out when I need to bounce something off of one of them. Admittedly, you never know where a colleague or friend might lead you. I’ve certainly learned that, so being open to the possibilities and supporting your colleagues are key.

Bonus question—what should the average person know about cybersecurity?
The simple things can be the most important in keeping you and your loved ones safe and secure against malicious cyber activity. Be aware of how large your digital footprint is, such as how many accounts you have, the information you’re making broadly available publicly or with your friends. Something to keep in mind—nothing is gone forever. There is a record of everything. Once it hits the internet, it’s there forever. The delete button is a false sense of security. There are simple things you can do—cover your webcam, lock your devices when you’re not using them, and look for the lock icon in your web browser, which will tell you that you’re visiting a secure website.