A conversation with Callie Guenther, cyber threat intelligence (CTI) manager at Critical Start
Closing the cybersecurity workforce gap has been a top concern for more than a decade. But it has become more urgent given the escalation in cyberattacks over the last two years, punctuated by recent geopolitical events. Diversity is key to both expanding the talent pool and providing different perspectives as the threat landscape evolves. As a woman of color with a strong political science and cyber threat intelligence (CTI) background, Callie Guenther is uniquely positioned to offer valuable insights on these topics. Callie, CTI Manager at Critical Start, leads a team responsible for intelligence operations across the Cyber Research Unit, managing the entire intelligence lifecycle to provide relevant CTI to internal and external stakeholders.
You have a very interesting background. How did you get into cybersecurity?
My journey began in the Navy as an information systems technician. I then moved into the Maritime Intelligence Center (MIC), applying my IT knowledge to work with intelligence systems, including classified networks for 7th Fleet. I had the opportunity to get warfare qualified in the intelligence space and jumped on it, becoming the first enlisted in 7th Fleet to receive that qualification.
After active duty and while in the reserves, I went to school. I had an interest in languages and studied Arabic. But through the Navy, I had also seen first-hand the connection between threat actor groups and political campaigns. That experience drove my transition from foreign language to a BA degree in political science, followed by an MS in government analytics.
My first real step into cybersecurity on the commercial side was with Digital Shadows, working as an analyst and then on the engineering team where I was focused on data feed curation and dark web data sources. That helped me understand the bigger picture of intelligence and the impact on the security posture of organizations.
The historical context for how conflicts develop is often lost. I lean on my political science background to inform the intelligence perspective that I have. Take Russia for example. Many people are focused on building detections to prevent against WhisperGate. But why is WhisperGate their access point, how do they select their targets, and what are their motivations? If you can look back at the chain of events over decades, you gain a deeper understanding of what’s happening now and why. Intelligence is all about context. Understanding the actors from the technology, political science and intelligence perspectives, grounds the strategy for cyberspace and has formed a nice bridge for me in my area of interest.
What do you see as the greatest challenges the cybersecurity industry faces right now?
There are a couple of big threats. First, the capability of the current geopolitical situation far exceeds what people expect. I think countries have much greater capability than most people would assume. Second, it’s important to remember that events can be used to provide a real distraction from some of the other geopolitical tensions in the world. A country’s reaction and involvement can have widespread implications for others in the world. Treading that line well and defaulting to diplomacy always is a real challenge. There are obligations to allies, but involvement has greater implications. The domino effect and the distraction are a real concern.
What unique perspectives do you think women bring to the challenge of cybersecurity?
Women bring unique perspective that makes things better in all areas of life, including the military, cybersecurity and leadership. In the same way that the diversity mechanism functions efficiently in different spaces, the component of gender plays a role. Women are often better suited to answer the next generation of questions because they’ve walked a different path from their male counterparts. The demographic of most leadership teams in most companies in America is pretty narrow. I think the cybersecurity industry would do well to address the disparity earlier in women’s careers. Women are in this dichotomous situation. They are often top performers as individual contributors, but not setup to understand the capacities of leadership, the questions leaders are asked and the decisions they have to make. When you’re the only women and the only person of color, how do you find a mentor? Intervention early on is a key to bring in the female perspective and allow a shift in diversity at the leadership level. When I was in the military, even in the most female friendly platform in the Navy, women were still only one out of every 10.
There’s a lot of FUD out there. What makes you optimistic about the war on cybercrime?
I think we’re finally at a place where we are collectively seeing cybercrime for what it is. We have government policy onboard to go after cybercriminals, agencies are taking information sharing to a level we’ve never seen before, and private organizations are also contributing to the larger conversation. We are connecting the dots and collaborating because we are backed by policy. There were inklings before, but now governments are going after individuals and threat actors are concerned about going to jail. The collective conversation and collaboration is approaching something that could be really successful in mitigating cybercrime.
Since March is Women in Cybersecurity month, do you have advice to share with women thinking about getting into cybersecurity or still early in their careers?
First, choose something you’re passionate about. Don’t go into cybersecurity because it is trendy or because you can make a lot of money. Find something you love to do and that interests you and pursue that. If you follow your passion, you’ll be happy and that’s really important. Second, don’t pigeon-hole yourself into a technology. Have an open mind and do your very best to understand the broadest picture possible of the security challenge you’re trying to solve. From an employer’s perspective, when I’m interviewing someone, I’m looking to see if the candidate is interested, motivated and wants to learn.
Related: CISO Conversations: Raytheon, BAE Systems CISOs on Leadership and Threats
Related: Is The Education System Keeping Women Out of Cybersecurity?
