Dr. Mary-Margaret Chantré: cyber warrior and Capitol professor
December 31, 1969A native of New Jersey, Dr. Mary-Margaret Chantré majored in English during college before embarking on a 22-year career in the military, retiring in 2017 with the rank of Major. During her time of service, she specialized in IT before transitioning to cybersecurity as the need to protect networks and combat adversaries in the cyber domain became more acute. An adjunct professor at Capitol since 2015, she recently joined the full-time cybersecurity faculty and now teaches courses at the undergraduate, master’s, and doctoral levels. She lives in Laurel, MD with her two small children.
You earned your bachelor’s in a field far removed from computer science. What was your path into the cybersecurity arena?
I was introduced to the field during my service in the military. Prior to that, my career was in IT, so cybersecurity was a new thing for me. I started off building cyber teams, completed my certifications, and continued to develop my knowledge and skills. In many ways, becoming involved in cybersecurity has been a surprise for me. I never expected my military career would take me in this direction. Right now, with the way things are going in the world, it’s a great place to be.
How hard is the CISSP, in your experience?
The biggest challenge is that every answer is correct – what you’re required to do is find the best answer, not simply a right answer. After I had gone through a couple courses and began to understand how to answer the questions, it became more manageable. Nonetheless, it still felt like one of the most stressful things I have ever done to myself.
What do you see as the highest-priority areas in cybersecurity right now?
Getting people interested in, and trained in, the cybersecurity field. We have a pressing need for qualified people. Our adversaries are active 24 hours a day, with a single-minded focus on discovering vulnerabilities and attack vectors. That’s not the case for most organizations – we have other concerns and priorities. Being able to stay ahead of cyber threats is going to require a more sustained commitment – and more personnel – than we currently have available.
Because of this demand, it’s becoming much easier to enter the cybersecurity field than before. In the past, it could be difficult to gain entry. For example, many organizations would want you to have the CISSP, but one of the requirements for the CISSP is that you have five years of on-the-job experience – so there was a Catch-22 situation. For a lot of people, these kinds of hurdles were difficult to overcome. With the rising demand, though, there’s been a realization that we can’t afford to overlook skilled, qualified people because they haven’t accumulated this amount of experience, or haven’t earned this cert.
What are the most essential skills needed for success in cybersecurity?
In most cases, you need a programming background. You need the ability to be able to go into a system and recognize vulnerabilities. Critical thinking skills are also important, as well as communication and people skills -- a cybersecurity professional has to be able to go into an organization, see what is already in place, and make recommendations to decision makers concerning the steps required to strengthen their cybersecurity posture.
Being effective in cybersecurity also means understanding the things that could possibly happen, given a particular situation. You have to take what’s gone on in the past, look at what’s going on currently, and be able to make predictions. This is one reason, I believe, that many military intelligence people go into cybersecurity; military intelligence involves similar skills. You’re trained to examine where an enemy has been, where they are now, and where they will probably show up in the future.
What are some of the specific ways in which adversaries can conduct cyberwarfare to achieve strategic ends?
By now, there is almost nothing that an adversary couldn’t do. Everything is connected to the internet now, which means everything is susceptible to cyber attack.
In a military context, that could mean intercepting communications or infiltrating a network in order to gain intelligence. That includes classified information stored in databases, or information about people’s identities and locations. It could mean shutting down an installation or damaging equipment.
As a professor, what are some of your top priorities? What do you hope to achieve with your students?
I want to them to research what is currently going on in industry, and to obtain some experience, whether through an internship or some other avenue. And I want them to take advantage of every opportunity they can to get certified. Degrees are great, but experience is also important, and certifications are what will set you apart.