The Cybersecurity Division of the Cybersecurity and Infrastructure Security Agency (CISA) leads the efforts to secure federal, civilian, and government networks and helps protect our critical infrastructure against cyber threats in cooperation with the private sector.
ClearanceJobs had a conversation with Alexis Wales, the Associate Director of Threat Hunting. Wales has worked for the Department for the last 12 years starting in infrastructure security before taking the helm of Threat Hunting. The Threat Hunting subdivision seeks out adversary activity in stakeholder environments, responds to and mitigates the impact of cyber incidents, provides a technical understanding of threats to the network defense community, and disrupts or degrades adversary objectives. Wales is leading her organization in pioneering new approaches to the federal cyber tradecraft, anywhere from network and industrial control infrastructure to mobile and cloud, always searching for the bad guys probing the perimeter or already entrenched.
“Our job is to do the nearly impossible – to find the unknowns,” Wales says.
AN INTERESTING CAREER PATH TO A CYBER AGENCY
Wales has over 20 years of experience in risk management, federal program management, and providing decision support to executive leadership in the public sector. She is a cybersecurity policy subject matter expert, providing leadership on cybersecurity governance and risk management. Wales has assisted in developing policy, doctrine, and guidance to advance risk-informed decision making within the federal cybersecurity space.
Wales was motivated to get into national security as a discipline following the 9/11 attacks. Following college, she was inspired to support her country and do something about the new pervasive culture of fear. From anthropology and history in undergrad, studying fear and different parts of the human experience, she decided studying security in graduate school would provide the best opportunity to serve the Nation. She started her career in the Defense Department’s Near East South Asia Center for Strategic Studies, leading international coalition-building efforts around biodefense plans. Wales has also worked in several leadership positions throughout CISA, providing risk-informed decision support to critical infrastructure owners and operators.
With experience in combatting transnational threats – those that aren’t interested in borders (e.g., Chemical, Biological, Radiological, and high yield Explosives) – she recalls that, “The Department of Homeland Security (DHS) was a newer agency, and had a lot of opportunities for entrepreneurial people.” The agency welcomes talent with a diversity of perspective, and that is what drew Wales to CISA. Over time Wales has sought out opportunities for professional development and diverse experiences to expand her operational and technical knowledge for a greater impact on the national security landscape.
From 2009-2011, Wales was a program manager at the Homeland Infrastructure Threat and Risk Analysis Center, an all-hazards analytic resource for public and private sector partners covering the full array of risks and challenges facing the infrastructure community. As program manager, she helped manage the Department’s advanced modeling, simulation, and analysis program at the National Infrastructure Simulation and Analysis Center, where researchers from the Los Alamos and Sandia National Laboratories conduct analysis of the Nation’s most complex infrastructure challenges.
From 2011-2015, Wales was the Department’s Chemical Facility Anti-Terrorism Standards (CFATS) Program’s senior program manager. The CFATS program is a set of federal security regulations for high-risk chemical facilities, ensuring risk-based performance standards are met through the development and implementation of Site Security Plans or Alternative Security Programs.
From 2015 – 2017, within the Office of Cybersecurity and Communications at DHS, Wales was the Branch Chief of Cybersecurity Governance, supporting the Federal Network Resilience Division as both the Governance and Training lead and the Deputy Chief of Cybersecurity Performance Management. In her roles, she is charged with providing Federal civilian agencies with a better understanding of their cybersecurity risk posture and provides oversight entities with insights into cybersecurity maturity across the Executive Branch. One of the key challenges facing government organizations is the breadth and complexity of the task they are charged with: securing their networks and achieving network resilience. The concept of network resilience expands upon the traditional definitions of “cybersecurity” by going beyond technical controls and information technology (IT) operations. Wales and her team focus on the convergence of IT operations, information security, and business continuity.
In 2020, Wales served as the Election Security Mission Manager for CISA. Wales coordinated and orchestrated CISA’s resources against the #Protect2020 Lines of Effort, ensuring that the near-term tasks were addressed to achieve the long-term strategic goals. Additionally, Wales ensured that election security efforts aligned to the changing threat and risk environments, creating a cohesive and comprehensive portfolio of CISA services, offerings, and partnerships to secure the Election.
WOMEN IN LEADERSHIP AT CISA
If you are interested in teamwork, CISA could have the right team for you. For Wales, the technical analyst role, rooted in computer science and network engineering was a critical subset of the larger security/risk challenge. As she worked to grow and develop multi-disciplinary teams throughout her career, she found that it takes the voices of many to tackle the complex national security problems. As a female leader at CISA – one of the government’s most technically-oriented organizations – Wales said she found her calling to create conditions in which a variety of people from diverse backgrounds can be successful.
“It’s easy to forget at the end of the day that the feeling of insecurity is not technical.” The technical piece is an important one in the cybersecurity field but looking at the problem set from a risk-based perspective and understanding the interconnectedness with decision-making – a background that Wales brings – was something she excelled in. By merging the technical knowledge of her counterparts with her management expertise, she built her leadership niche within CISA.
CRITICAL INFRASTRUCTURE AND CYBER THREAT HUNTING
Threat Hunting uses intelligence to drive cyber operations and advice network defenders on how to apply or action timely information to protect their systems and networks against adversaries. By enhancing its own technical tradecraft, Threat Hunting is also able to enrich and disseminate information to partners to aid them in making risk-informed decisions. The subdivision works with private industry to share threat intelligence and helps create scalable and sustainable mitigations. Threat Hunting not only focuses on keeping adversaries out but also remediating intrusions in progress.
“While cybersecurity is deeply integrated with technology, it’s also about collaborative problem-solving and good risk management practices. As we at CISA know, problem solving and risk management are skills and techniques that know no gender but are strengthened by the diversity of perspective,” Wales has said publicly. “As we collectively work to establish long-term stability and security in cyberspace, our nation’s ability to attract, retain, and promote women in the field is vital.”
“A lot of that is just improving the communications, creating the conditions for comfort of leaning in, or not leaning in if that’s not your comfort zone, and making sure that we’re getting that message out to the broadest community we can as responsible national security professionals,” Wales said. “Making sure that the national competency level in this space is achievable to make sure that we can truly continue to defend this nation is absolutely critical. Making sure that we focus on inclusion and diversity as much as possible is paramount.”
Every piece of our country’s critical infrastructure is vulnerable to cyber threats. Incidence response and threat hunting within CISA occurs in collaboration with other functions of the agency, including:
- Capability Delivery
- Operational Collaboration
- Vulnerability Management
- Capacity Building
- Strategy, Resources & Performance
- Cyber Defense Education & Training
- National Risk Management
- Emergency Communications
- Integrated Operations
Threat Hunters are on the frontlines identifying and tracking threats; detecting malicious activity in federal/critical partner networks and critical infrastructure; proactively hunting for malicious cyber activity; and coordinating and responding to cyber incidents. Our primary goal is to render our adversary’s efforts ineffective and costly.
The intelligence/reporting, hunt/incident response, and products/mitigations delivered by Threat Hunting are a subset of all that CISA has to offer. Ready to make a splash in incident response or management for cyber-attacks in the critical infrastructure sectors? Reach out today for the start of an exciting cybersecurity career in public service.
Help Defend Today, Secure Tomorrow. Find job opportunities.
SPONSORED CONTENT: This article is written on or behalf of our Sponsor.