
Content provided by Carolyn Ford. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Carolyn Ford or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://nl.player.fm/legal.

Insider Threats, Critical Infrastructure and Evolving AI, Oh My! with Grant Schneider Halloween Series Part II

44:49
 

In the second episode of our 3-part Halloween series, Grant Schneider, Senior Director of Cybersecurity Services at Venable and former federal CISO, discusses the frightening implications of insider threats, how we are protecting critical infrastructure, and what it was like working on cybersecurity in the White House under both President Obama and President Trump.

Key Topics

  • 00:03:59 Increased consequences led to rise of cybersecurity
  • 00:08:47 Insider threat, screening, hiring, malicious actor, Manning, Snowden
  • 00:09:53 Snowden challenges legality of government surveillance
  • 00:15:00 Adversary gains access, steals information, demands ransom
  • 00:19:19 Different levels of readiness present challenges
  • 00:23:15 Helping clients & coalitions for cybersecurity policy
  • 00:24:58 Consistency in technology and cybersecurity under past presidents
  • 00:27:47 Cybersecurity is like warfare or terrorism
  • 00:32:30 AI tools and data drive persuasive information
  • 00:34:50 National Cybersecurity Awareness Month raises awareness on cybersecurity and encourages action to protect businesses
  • 00:42:40 Diversity of experiences leads to career growth
  • 00:44:01 Adaptive, willing, and able to learn

Introduction to National Cybersecurity Awareness Month

Purpose of Raising Awareness About Cybersecurity

Grant explained that one of the great things about National Cybersecurity Awareness Month is that it raises awareness and provides an opportunity to spend time thinking about and discussing cybersecurity. He noted that for organizations already focused on cybersecurity daily, the awareness month may not raise their awareness much more. However, many organizations don't constantly think about cybersecurity, so for business leaders and executives who may now recognize the existential threat a cyber incident poses, the awareness month offers a chance to have important conversations they may have previously avoided due to lack of understanding.

National Cybersecurity Awareness Month: "You're only one bad kind of cyber incident away from your organization not existing anymore."— Grant Schneider

Opportunities for Organizations to Have Conversations About Cybersecurity

According to Grant, leaders who don't grasp cybersecurity risks may personally fear initiating conversations to ask what the organization needs to do to address risks. National Cybersecurity Awareness Month provides an opportunity for these leaders to have the necessary conversations and gain education. Grant said the awareness month is a chance to discuss basics, like implementing multifactor authentication, patching and updates. He observed that much of the content produced for the awareness month focuses on cybersecurity fundamentals, so it allows organizations to dedicate time to shoring up basic defenses. Overall, Grant emphasized that National Cybersecurity Awareness Month facilitates essential cybersecurity conversations for organizations and leaders who otherwise may not prioritize them consistently.

Evolution of Insider Threat in the Intelligence Community

Screening Out Bad Actors During the Hiring Process

Grant explains that in the early days of his career at the Defense Intelligence Agency (DIA), insider threat mitigation focused on screening out bad actors during the hiring process. The belief was that malicious insiders were either people with concerning backgrounds trying to get hired, or nation-state actors attempting to plant individuals within the intelligence community. The screening process aimed to identify and reject potentially problematic candidates.

Nation-State Actors Planting Individuals Within the Community

He mentions the possibility of nation-state actors attempting to plant malicious insiders in the intelligence community through the hiring process. This underscores the perceived risk that foreign governments would try to insert spies or saboteurs into the ranks of U.S. intelligence agencies.

Shift Towards Insiders Becoming Whistleblowers

Grant then discusses how over time, the nature of insider threats shifted more towards insiders becoming whistleblowers driven by ideology or moral objections. He cites the Manning and Snowden cases as examples of this shift. Rather than foreign plants, these were trusted insiders who went on to leak classified information out of claimed conscience.

Importance of Not Making Negative Generalizations About Whistleblowers

While describing this evolution, Grant is careful not to make generalizations condemning all whistleblowers. He maintains that whistleblowing serves an important function in society.

Snowden’s Different View on the Community’s Work and His Actions

In Snowden's case specifically, Grant characterizes his mindset as believing the intelligence community's lawful work was actually wrong. This led Snowden to take matters into his own hands by leaking classified materials.

Importance of Diversity of Experiences for Personal and Professional Growth

Actively Seeking Out Different Experiences Within Current Role

Grant emphasized the importance of seeking diversity of experiences, even within one's current job. He advised not constantly changing jobs, as that may look unfavorable on a resume. However, within a role, one should actively volunteer for new projects and tasks that provide exposure to different skills. Being willing to say "yes" and take on unfamiliar work leads to becoming a more versatile, well-rounded employee.

Saying Yes to New Opportunities

Grant recommended that when presented with new opportunities at work, such as a manager asking for someone to work on a certain project, the best approach is to always say yes. Even if the work does not seem interesting or relevant, accepting the challenge provides a chance to learn new skills. Saying yes demonstrates eagerness to expand one's capabilities.

The Importance of Diversity of Experiences: "Diversity of experiences, and whatever it is you're working on, when your boss, your coworkers say, hey, we're looking for someone to work on this, always say YES. I wanna go work on that as well."— Grant Schneider

Becoming a Well-Rounded Employee and Leader

According to Grant, embracing diverse experiences allows professionals to build unique skill sets and make themselves stand out. Having broad exposure equips individuals to work effectively on varied teams and projects. It enables adaptability that makes one a more valuable contributor. Grant emphasized that diversity of experience helps shape well-rounded leaders who can thrive in any environment.

View Work and Life as a Scavenger Hunt for Acquiring Skills

Grant suggested viewing one's career progression as a scavenger hunt to collect talents and capabilities. Being strategic and purposeful about pursuing different opportunities maximizes growth. Grant urged professionals to reflect on the skills they want in their toolbox and then leverage jobs and other life experiences to intentionally develop expertise across multiple areas.

The Consequences of Cyber Incidents and the Growth of Cybersecurity

Increased Consequences of Cyber Incidents

As Grant explained, when he first joined DIA, there were no connections to the unclassified internet in the building. Over time, every employee had both unclassified and classified computers to connect to various networks. As more devices were connected to networks, the potential consequences of a cyber incident grew. With more reliance on technology and interconnected systems, a cyberattack could cause major disruptions to operations. Grant noted that this increase in risk led to a greater focus on cybersecurity within both government and private sector organizations.

The Consistency of Approach Towards Technology and Cybersecurity across Administrations: "In my opinion, technology and cybersecurity has not been very politicized. And really going back from Bush to Obama, to Trump and to Biden, in my opinion, we've seen a good bit of consistency around the directions, the people have been headed."— Grant Schneider

Creation of Dedicated Security Operations Centers

Grant discussed how the growing risks from cyber incidents led to the creation of security operations centers focused on monitoring threats. Whereas IT operations teams had previously handled security, cybersecurity emerged as its own discipline requiring specialized skills and 24/7 vigilance. Organizations established dedicated security operations centers tasked with detecting and responding to security events around the clock. This represented a major shift as cybersecurity transitioned from a purely policy function to an operational capability within organizations.

Cybersecurity as a Distinct Operational Entity in Public and Private Sectors

Over the years, cybersecurity evolved from an information security policy role to a distinct operational entity, according to Grant. This transition occurred in both the public sector and private sector as the nature of threats changed. Cybersecurity is now recognized as requiring its own set of skills and continuous monitoring separate from traditional IT operations. Grant noted that this shift has continued with cybersecurity capabilities and staffing growing significantly across sectors.

Understanding and Manipulating Information in Cyberspace

Increasing Availability of Data and AI Tools

Grant discussed how there is more and more data available now as compared to the past. He also mentioned how AI tools allow people to analyze and understand this data in new ways. For example, AI can help determine what information or messages are most likely to resonate with someone based on what is already known about their views and preferences. Grant suggested that the combination of more data and better AI-enabled analysis means information can be tailored and targeted to individuals in new ways, for good or bad purposes.

Delivering Messages That Resonate With Individuals, Regardless of Truth

Building on the availability of data and AI tools, Grant noted how messages can now be crafted in a customized way for each person. He said that tools allow understanding of what is believable to each individual. Then messages can be created that align with existing beliefs and preferences, regardless of whether the messages are factually true. Grant gave the example that false information could potentially be spread this way if the content resonates with what someone already thinks.

Society’s Acceptance of Divisive and Blunt Opinions

Grant suggested that technology capabilities enabling tailored messaging are emerging alongside the increased societal acceptance of divisive, controversial and blunt opinions being shared publicly. He noted that norms seem to have changed from when there were more things people didn't express out loud. Grant proposed that this societal shift combined with technological capabilities that can take advantage of divisions creates risks in terms of information manipulation.

About Our Guest

Grant Schneider’s entire 30-year career has focused on our nation’s security. Grant spent more than 20 years at the Defense Intelligence Agency, seven of which he served as the CIO. He then spent six years in the Executive Office of the President during the Obama and Trump administrations, focused on all aspects of federal and critical infrastructure cybersecurity. During that time, he served as a Senior Director for Cybersecurity Policy on the National Security Council staff and most recently as the Federal CISO. For the past three years, Grant has served as Senior Director of Cybersecurity Services at Venable, helping companies from across all sectors enhance their cybersecurity programs through the development and implementation of risk management programs as well as assisting with the preparation, response, and recovery from various cyber incidents, including ransomware.

Episode Links

