News | Oct. 11, 2018

In the Spotlight: Paula Lewandoski

In honor of National Cybersecurity Awareness Month, NSA is putting the spotlight on some of our top cyber talent. We continue the series with Paula Lewandoski, a Threat Operation Manager in NSA's Cybersecurity Operations Mission Management Council.

Q: What Do You Do at NSA?

A: I am the Threat Operation Manager in NSA's Cybersecurity Operations Mission Management Council for the Near East, South & Central Asia, and Africa (NESCAA) responsible for establishing and directing mission priorities and outcomes to include overseeing the planning and execution of end-to-end NSA activities in support of pursuing and countering the NESCAA cyber adversary.

Q: Why Did You Choose A Career in Cyber?

A: After 9/11, the Agency was in need of computer scientists to fight the global war on terror so I transitioned from the Technology Directorate to the Signals Intelligence Directorate. I joined a small team of extremely technical, innovative, and passionate individuals focused on tracking the terrorist propagandists' use of the Internet and the threat they posed. I quickly became hooked on this type of work and the challenges and impact we could have on the future efforts of NSA in the cyber arena. I never left the cyber mission and to this day continue to work with some of the most passionate, intelligent, and innovative individuals as we take on new and exciting challenges now and in the future.

Q: How have you seen the cybersecurity mission evolve since you joined the NSA workforce?

A: The changes I have observed in cyber since I began working it in 2006 are profound. We went from a small team researching emerging state sponsored cyber programs to a Directorate level organization supporting a 24x7 operations center. Not to mention, the establishment and growth of the United States Cyber Command. Cybersecurity has evolved from being a highly specialized technical discipline of the few, to front page news affecting masses globally. The barriers to entry for malicious cyber actors are low, as is the risk of getting caught. Advances in technology, tradecraft, and operational security have made it increasingly more difficult to pursue the adversary. Unsophisticated techniques can cause grave damage and are readily available. It is no exaggeration to say that cyber vulnerability is one of the biggest strategic threats to our nation and it's not just a Government problem. From a federal government standpoint we've taken a huge step in bolstering the importance of cybersecurity. Late last year the White House released an Executive Order stating department and agency heads would be held accountable for the security of their networks. We put the risk ownership back at the highest levels to ensure cybersecurity takes a front row seat to government information systems. Despite the challenges in the cyber domain, at NSA we have a tremendous role in protecting our national security systems and an even greater responsibility to do so as the threats evolve.

Q: Optional if you can elaborate in an unclassified answer: What is your most notable success within the cyber field?

A: I was one of a handful of NSA analysts in 2007 who recognized Iran's efforts to build its cyber warfare capacity while this effort was still in its early stages. Understanding the potential threat posed by this development, our team shaped NSA's posture to analyze and counter the threat in multiple disciplines. From these preliminary, at times, tentative first steps, we provided authoritative oversight that produced marked advances in analysis, collection, and tradecraft; mapped processes, and integrated capabilities across the enterprise.

Q: What are your thoughts on the future of cyber?

A: Automation is going to be of tremendous value and will be key to getting us to a more predictive and preventive posture. Cyber must be approached as a team sport and partnerships with industry and academia will be critical if we are to get ahead of the threat. Most important to the future of cyber, we need to aggressively recruit, hire, and retain cyber professionals - they are our future and the key to our success.

Q: Besides work, what's your happy place?

A: Home, relaxing with my family or enjoying time with my friends and maybe getting in a round of golf from time to time.

Looking for more information on cybersecurity? Check out NSA's cybersecurity page, or