This Columbus native now directs US cybersecurity efforts. Here’s her path to success
Columbus High School 2006 graduate Carole House works at the White House in a key job helping to defend the United States.
House, 33, is director of cybersecurity and secure digital innovation for the National Security Council. On the organization chart, she is three tiers down from National Security Advisor Jake Sullivan.
She was hired in April, moving from the Treasury Department, where she was the senior cyber and emerging tech officer in the Financial Crimes Enforcement Network.
Her parents are Marilyn and retired Col. John House, a citywide representative on Columbus Council. She credits them, her three sisters and Columbus High’s “rigorous academic regimen” for helping her succeed at the University of Georgia, in ROTC and in the U.S. Army, where she reached the rank of captain in 4½ years of service. She was stationed at Joint Base Lewis-McChord outside Tacoma, Wash., and deployed to Afghanistan as an intelligence and operations officer.
“It’s been quite a ride,” House told the Ledger-Enquirer, “and I’m just so thankful for the opportunities that I’ve had and for the great role models in my family and supervisors and colleagues that I’ve had along the way.”
In a Q&A with the L-E, House shared some lessons learned along that ride, from personal career advice to national cybersecurity. Here are excerpts from our interview, edited for brevity and clarity:
What does it feel like to work in such an important position at the White House?
“It’s an honor. I take a moment every morning as I walk into the building, just to breathe and acknowledge how critical the efforts are that I’m supporting. … We’re making history here, and I’m privileged to be a part of it. … It’s tough. There’s a lot going on, a lot of critical national security issues and long hours and tough work, but I’m surrounded by some of the most brilliant people I’ve ever met and the most committed civil servants I’ve ever come across.”
Why did you pursue a career in cybersecurity?
“Cybersecurity is an arena that offers some really interesting places to balance sometimes-competing national security and other objectives, like privacy-preserving capabilities, along with appropriate discoverability and lawful access. . . . It really met my desire to have a fulfilling mission to be a part of and work to combat technology exploitation by illicit actors.”
So how well is our nation doing in cybersecurity, and how dire is the situation?
“Cybersecurity is a really critical and evolving threat. There still are a lot of cybercrimes that are targeting sort of the low-hanging fruit. But we’re also seeing environments where cybercriminals are becoming more sophisticated. … With the increasing shift toward digital platforms that I think is only accelerated by the pandemic, we see even more critical needs to accelerate our own approach and focus on cybersecurity measures. I think the administration has shown a really committed focus on that.”
Major cybercrimes have been in the news this year. Which notable cases have you worked on?
“For example, some of the major ransomware incidents like the Kaseya incident, the JBS incident and Colonial Pipeline.”
What was your role in those cases?
“I was serving to direct and coordinate the whole-of-government approach to countering ransomware, which especially focuses on identifying and disrupting ransomware networks and combating the misuse of virtual currency in ransomware, conducting a search of resilience and defense efforts to better improve our ability to withstand and recover from ransomware incidents, and then bolstering international cooperation to support combating the ransomware threat.”
Understanding you can’t reveal any government secrets, what’s the most surprising information or insight you can share about our cybersecurity that most folks don’t know?
“The reliance upon and the great opportunities for partnership with industry in achieving national security objectives. I think many people, when they think of national security, they think of government and people in dark suits and sunglasses. It’s not recognizing that owners and operators of critical infrastructure . . . (have) a responsibility in some cases to defend their networks.”
How can others overcome demographics that are traditionally obstacles in career advancement, such as age, gender and race?
“I would definitely encourage surrounding yourself with advocates and champions, and champions can come in many different forms. That includes people who are coaches and mentors, but also look for sponsors. Find those people who are willing to put their reputation on the line to voice the fact that you need to be included, that you need to be a part of something, … both for the opportunity to grow and the perspective that they offer. … Be your own advocate. When you know that you have a perspective and voice that needs to be heard, even if other people are silencing it or are taking credit for it, … try to take any notes that may be relevant to be heard in that environment, but also look for a different one to be a part of. There’s no reason to remain in a toxic environment, surrounded by a non-inclusive workspace.”
How can more women get opportunities for careers in STEM fields?
“I would start with parents and family environments. … Just having parents that were completely supportive of us and also exposed us to concepts that were sort of related to or dependent upon science, technology and mathematics from an early age really was a big part of where a lot of our interests came from. … Try to ensure that females feel comfortable and included in opportunities to take higher-level math and science classes. … There are times when confidence can be a serious issue, just based on social pressures and others for young women. … For me, ROTC and the kinds of things I physically had to do as well as mentally was a big part of confidence building to help me feel comfortable in being my own advocate and being pretty ambitious.”
What advice would you give to Americans who want to help improve cybersecurity on personal and national levels?
“Being deliberate and discriminating in some of your interfaces digitally, just recognizing and knowing that there are malicious actors out there who are looking to gain access to your sensitive information. … Then think about those key, low-hanging fruit measures that can defend against that. For example, multifactor authentication, looking at what kind of security measures you can put in place on your devices to protect your accounts or even multistep verification, where it’s not just a username and a password that may have been breached previously and sold really cheaply on the Dark Net. ... Having these additional measures put in place may add just a little bit of friction but reap massive benefits in securing your data.”
