Monica Montgomery
“Don’t plan your career. If you have a ‘five year plan’ or are thinking about where you’ll be in five years, you’ll miss all of the opportunities that present themselves along the way.”
Monica Montgomery is the CISO and Chief of the Cybersecurity Group within the Office of the Director of National Intelligence Chief Information Officer, where she leads cybersecurity strategy and safeguards information systems.
Previously at the National Geospatial-Intelligence Agency (NGA), she authored the agency’s first cybersecurity strategy and pioneered risk-adaptive approaches that accelerated intelligence delivery. With 15 years in the private sector and deep experience across the intelligence community, Monica is known for building resilient, agile cyber programs.
She holds a degree in Computer Science from Bucknell, and is certified as both a Certified Information Systems Security Professional (CISSP) and a Certified Cloud Security Professional (CCSP).
What is one skill, interest or talent of yours that makes you great at your job?
Empathy. Early in my career I was an engineer with a “get in, get it done, move on” mentality. I would get frustrated easily when people needed something different. Then my kiddo came along and she was born with some medical issues and was diagnosed with autism, Attention-Deficit/Hyperactivity Disorder (ADHD), and anxiety. I realized each of us is unique and needs something different. I now strive to understand how each person receives information, how they process information, and how they bring a unique part of themselves to every project.
What is the best piece of unconventional career advice you’ve gotten?
Don’t plan your career. If you have a “five year plan” or are thinking about where you’ll be in five years, you’ll miss all of the opportunities that present themselves along the way.
What is your proudest moment working in the cybersecurity industry?
Authoring NGA’s cybersecurity strategy. Previous strategies were myopic and limited in scope to the cybersecurity office. This was an agency-wide strategy with a focus on turning cybersecurity from an IT problem to a mission and business challenge.
When did you become interested in pursuing a career in cyber and what prompted it?
I didn’t set out to work in cybersecurity. I started out as a system integrator, working through various jobs in project and program management, database administration, enterprise architecture, and technical policy. I had the opportunity to turn towards cybersecurity and risk management, and didn’t look back! But I believe that to really understand cybersecurity, it’s almost better to have a background in all aspects of IT system development and program management.
What are the top 3 things you would tell people hoping to enter the cybersecurity industry?
- Don’t believe the hype.
- Risk is to be managed, not avoided.
- Nothing is fully secure.
What are some misconceptions people might have about the cybersecurity industry and what can we do to change these misconceptions?
Technology alone will not fix the problem, and you can’t incrementally patch your way into a secure system. Solely focusing on security won’t provide a clear understanding of how to mitigate risks; security must be a balance of mission, IT, and the human element. It is best to acknowledge that everyone has a bad day sooner or later, so it is important to constantly prepare for the consequences.
Do you feel like you’re contributing to helping keep our world secure and can you share why that matters to you?
My focus is making cybersecurity “user friendly” and consumable for our agency programs and the National Security mission. If it’s not intuitive, the mission will forgo putting effort into cybersecurity. I want to ensure that the services we provide balance the needs of cybersecurity requirements with the mission, as the government deserves to operate without fear of devastating consequences from lack of cybersecurity.
What positive change do you think will take place as we bring the next generation into the cybersecurity industry?
The next generation are digital natives who have the advantage, and disadvantage, of being computer literate, data literate, and being fully comfortable with technology. That is their greatest asset and greatest weakness.
Who is your role model in the cybersecurity industry and why?
My role model is my 16-year-old daughter. Even at a relatively young age, she has fought through adversity, and done so with a smile, joy, and laughter. She lives life as she wants, not as who other kids around her think she should be. She’s proud of who she is, and is a staunch advocate for her needs, her rights, and her self-being. She’s kind, witty, and smart. I hope I’m like her when I grow up.
