Amber Pearson

Deputy CISO (Chief Information Security Officer) and Executive Director of Information Security, Department of Veterans Affairs
United States

“It was demonstrated that failing fast improves innovation in an organization by encouraging experimentation and early testing of ideas, allowing high-performing teams to quickly identify what works and what doesn’t without expending excessive time, money, or resources.”

Amber Pearson is the Deputy CISO and Executive Director at the U.S. Department of Veterans Affairs (VA), where she drives cybersecurity and privacy strategies to help protect veteran data and systems.

A trailblazer in federal cyber innovation, Amber led the VA to become the first agency to adopt the Open Security Controls Assessment Language (OSCAL), cutting risk management timelines to under 60 days. Her leadership also propelled the VA’s Continuous Diagnostics and Mitigation (CDM) data quality into the top 14% among federal agencies, as ranked by the Cybersecurity and Infrastructure Security Agency (CISA).

Amber’s impact has earned national recognition, including the Cyber Defender Flywheel Award.

What is one skill, interest or talent of yours that makes you great at your job?

I possess a unique talent for visualizing non-standard approaches to solve complex problems. At the same time, I am adept at making swift, decisive choices when circumstances demand rapid action, balancing thorough analysis with the agility required to respond effectively to emerging threats. This combination allows me to deliver both innovative solutions and timely results in high-pressure environments.

What is the best piece of unconventional career advice you’ve gotten?

“Fail fast, fail often, but always fail forward.” – John C. Maxwell

This concept was introduced to me during my tenure in private industry. It was demonstrated that failing fast improves innovation in an organization by encouraging experimentation and early testing of ideas, allowing high-performing teams to quickly identify what works and what doesn’t without expending excessive time, money, or resources.

What is your proudest moment working in the cybersecurity industry?

Decoupling the precision of the National Institute of Standards and Technology (NIST) cybersecurity compliance to adaptive risk exposure analysis for Continuous Authorization Assurance (CAA). We transitioned from static, periodic Risk Management Framework (RMF) implementations to an agile, continuously adaptive, and risk-focused approach. This prioritized ongoing risk analysis, continuous evaluation of security and privacy controls, and real-time risk posture awareness over checklist-driven compliance.

When did you become interested in pursuing a career in cyber and what prompted it?

My immediate love for this field is that you are driven by a sense of purpose and significant impact in making a positive difference in helping to protect individuals, organizations, and even national security infrastructure from cyber threats, which is deeply fulfilling.

What are the top 3 things you would tell people hoping to enter the cybersecurity industry?

  1. High demand and job security. With the ever-evolving cybersecurity threat landscape, there are many opportunities to advance in this space and find an organization that aligns to your professional goals.
  2. Learn common threat attacks and the defenses against those attacks. This will be important in providing value whatever your role is within the cybersecurity ecosystem.
  3. Build a deep understanding of technical knowledge with multiple technology stacks. Knowing how systems work and interact is important for identifying and mitigating vulnerabilities.

What are some misconceptions people might have about the cybersecurity industry and what can we do to change these misconceptions?

That you need degrees. In most cases, work experience and technical knowledge can allow you to be a top candidate.

Do you feel like you’re contributing to helping keep our world secure and can you share why that matters to you?

I do. Technological advances such as AI, cloud computing, and the proliferation of connected devices have dramatically expanded both the cybersecurity threat landscape and the attack surface for organizations and nations. My contribution is important for mounting an effective, unified defense against nationwide cyber threats, protecting critical infrastructure, and ensuring the security and resilience of society. Part of my role today is to keep veterans, a sacred role in this nation, at the center of everything I do.

What positive change do you think will take place as we bring the next generation into the cybersecurity industry?

Innovation, a deep understanding of technical security risk, and faster response to incidents.

Who is your role model in the cybersecurity industry and why?

It’s not just about one role model; it’s about the role each senior agency leader plays in today’s federal landscape, especially as they face the challenges and complexity of keeping our nation safe. These cybersecurity leaders show up every day to help make a real impact on where we go as a nation.