Exit interview: Kemba Walden talks advancing cyber — and becoming a role model — in government
The former acting national cyber director highlighted federal enterprise cybersecurity, cyber workforce issues, her experience as a leader and what it was like being the first Black person and first woman to helm the White House office.
Kemba Walden has done a lot in her professional life.
She got a master’s in public administration, worked in Tbilisi, Georgia in the 1990s and went to law school, intending to work on macroeconomic issues.
Walden says she went “full swing” in the legal world before moving to the government, where she worked at the intersection of telecommunications and national security at the Department of Homeland Security and on election security at the Cybersecurity and Infrastructure Security Agency and its predecessor, the National Protection and Programs Directorate. Later she launched and led Microsoft’s ransomware program.
More recently, Walden worked in the White House’s Office of the National Cyber Director for about a year and a half as the principal deputy national cyber director and as acting national cyber director. She was considered for the top post — and endorsed by lawmakers and her predecessor — although she was passed over because of concerns about personal debt affecting her confirmation, according to media reports. Walden left ONCD in November.
Now, Walden is taking a “much needed break,” she said. She’ll start a new gig next year, the details of which are still to be announced. She spoke with Nextgov/FCW about her experiences and insights from her work at ONCD.
First up: how she thinks the federal government is doing in executing on the Biden administration’s 2021 cybersecurity executive order and National Cybersecurity Strategy.
“There are a variety of activities going on in order to be able to level the playing field across departments and agencies when it comes to basic cyber hygiene” — like multi-factor authentication, encryption and logging — “using all levers at the government’s disposal,” she said.
Recent breaches at the Commerce Department and State Department showed the Cyber Safety Review Board — of which Walden has been a member — “disparities between logging capabilities among departments and agencies,” she said. “There's work underway with CISA and the federal [chief information security officer] in order to normalize what logging looks like.”
Another focus of Walden’s time in government has been modernizing its tech.
“We have, across the government, some very old technology that was not designed for cybersecurity… We have to reduce some of that technical debt in order to be able to employ the security controls that we need to employ,” said Walden. “I view what the president and Congress did with the American Rescue Plan and implementing [the Technology Modernization Fund] as one of the first steps in ensuring cybersecurity.”
ONCD has also focused on making cybersecurity a top priority, she said, finding that “our best value-add was by going to the secretaries and the deputy secretaries.”
“Those were conversations that we've been having early in ONCD’s development in order to help [chief information officers] and [chief information security officers] even meet their secretaries in some cases [and] in order to be able to help with authorities for getting the right resources in the right place in order to reduce some of that technical debt,” said Walden, noting that with accountability for secretaries and deputy secretaries came better implementation.
Walden also noted that the people element has been a throughline throughout her career both before and after she entered the cybersecurity field.
“People are in cyberspace, and they can't really thrive in cyberspace unless they feel secure in cyberspace,” she said. “Every opportunity I had to bring people up as being a part of cyberspace, I did.”
As for how to widen the pipeline to get more non-traditional talent into the cyber workforce, “I think there needs to be, and we’re on the track for, a culture shift in cyber,” said Walden. “I’m a good story for somebody with different skills that can have an impact in cyber.”
And “the jury’s still out” in terms of how the attention to diversity, equity, inclusion and accessibility in cybersecurity is affecting real change, said Walden.
“ONCD and other agencies have been very focused on diversifying the workforce if for no other reason than because cyber is a sticky, nasty problem… so you need to lean into your superpower, which is diversity in the United States as far as I can tell, in order to get after it,” she said. “We're going to have to measure what the impact is of the push.”
One focus at ONCD, she said, has been emphasizing to contracting officers and vendors that “there are few [Federal Acquisition Regulation] rules that require four year degrees with cyber jobs,” meaning that four-year degrees don’t need to be included in contract requirements — a move that could open up jobs to more people.
In terms of pushing culture change: “I’m not great at being out in public,” said Walden, a reveal from someone who headlined events, attended panels and more during her time in the White House.
“But, if you can’t see it, you don't imagine it,” she said. “That's one of the reasons why I took the approach of being out there in public, because I'm a good story about why we need differing experiences in cyberspace… And so I make it my point to put people in front that have different skills.”
Walden was also the first woman and first Black person to helm the White House’s cyber office. Cybersecurity is largely a male, white field.
Being one of the only women or Black people in the room is something she’s experienced throughout her career, said Walden, noting that “it’s not easy.”
“What was new for me” at ONCD, she said, was the intentional decision “that I needed to be seen, so that I can inspire the next generation, or those that come up behind me.”
That need to step into the spotlight was solidified when Walden got to meet Condoleezza Rice — the first Black female secretary of State and the first female national security advisor — in May.
Although “we have different ideas,” said Walden, “I didn’t know that at this stage in my career, I also needed to look in the face of somebody that could represent my future… That was the first time that I can recall that I actually was able to look at another woman that had a similar background, or similar expertise that I do, and I could see my future.”
“Having that added lift of seeing someone that reflects who you could be or who you may be is priceless,” said Walden. “I strive to be that person for somebody.”
NEXT STORY: Fed 100 deadline extended to Jan. 12, 2024