Kelli Andrews recently joined Microsoft’s U.S. Government Affairs team as Senior Director, Cybersecurity and Lawful Access Policy.
Kelli will advance Microsoft’s public policy initiatives in the areas of cybersecurity, cybercrime, lawful access, and encryption at the federal, state and local level.
Kelli joins Microsoft from the U.S. Department of Justice where she spent the last 10 years and most recently served as Senior Counsel and Chief of Staff of the National Security Division. While at the Department of Justice’s National Security Division, Kelli served in several roles, including as Counsel to the Assistant Attorney General and Deputy Chief of the Counterterrorism Section.
She previously served as Deputy Chief of the National Security Law Division at the U.S. Department of Homeland Security and as Majority Counsel for the House Committee on Energy and Commerce.
Kelli also spent time in private practice at D.C. law firms and began her career as an Assistant State Attorney in Miami, Florida.
Kelli is currently an Adjunct Professor at American University’s Department of Justice, Law & Criminology. She earned a J.D. from Cornell Law School and a B.A. from Bucknell University.
Get to know Kelli Andrews
How would you describe your experience as a board member of the National Cybersecurity Alliance?
My experience as a board member has been terrific and I look forward to even more collaboration with my fellow board members and the National Cybersecurity Alliance. I’m so impressed by the interesting mix of companies that are on the board—technology companies, like Microsoft—but also financial services and other sectors.
The board members have such a diverse set of skills and experience in cybersecurity that I believe we individually and collectively add value to the National Cybersecurity Alliance’s education mission.
This collaborative effort across many different sectors with cybersecurity interests not only ensures that we learn from each other, but also allows the organization to benefit from our views and wide spectrum of experiences in cybersecurity.
How do Microsoft’s cybersecurity interests align with our mission?
I think our interests align very well! Microsoft’s mission is to empower every person and every organization on the planet to achieve more. As cyberattacks have grown in number and sophistication, many issues related to cybersecurity have come to the forefront of policymakers, business leaders, and the public. In particular, it is clear that in order to secure our cyber ecosystem, we need to increase our cyber workforce and have a pipeline in place.
In October, Microsoft announced a cyberskilling initiative focused on community college attendees. Skilling goes hand-in-hand with education—and the National Cybersecurity Alliance’s amazing work in educating parents, schools, students and businesses on cybersecurity through its webinars, resource library, and social media outreach is an important component to the collective effort to improve our nation’s cybersecurity posture.
You worked at the Department of Justice for 10 years and served as Senior Counsel and Chief of Staff of the National Security Division. Can you tell us about how you came to the intersection of cybersecurity and law?
When I began working as a Trial Attorney at the Department of Justice’s National Security Division, I investigated and prosecuted terrorists. When I thought of terrorism, it was through the lens of al Qaeda’s 9/11 attacks on our country. I began to see in my terrorism investigations an increasing use of technology by terrorists to radicalize others and plot attacks as well as how the government uses technology as an investigative tool.
Through my various roles in the Department of Justice, I was fortunate to work on a number of cases involving cyber crimes—including prosecuting the first cyberterrorism case—as well as policy issues involving cybersecurity. Cybersecurity as a legal field is now burgeoning and I encourage those who are thinking about focusing their legal career on cyber to look at government positions.
In addition to DOJ and the FBI, DHS and so many other agencies are seeking lawyers with cybersecurity experience (or interest) to join this critical national security mission. And there really is nothing more rewarding from a mission-perspective than being a part of keeping our nation secure.
You are also an adjunct professor at American University. What do you like about being a professor?
Having the opportunity to teach is really meaningful to me because I credit certain teachers and professors that I had in my academic career with motivating me to love learning and influencing my career choices. As a professor, I really enjoy imparting not only my knowledge, but practical application and experience of my work to teaching students. And students always keep you on your toes with great questions and ways of analyzing issues so it makes me a better lawyer.
Finally, as a woman in a career that tends to be male-dominated, I like to mentor women who are seeking a career in national security and teaching also provides me with that important opportunity.
What topics in cybersecurity are you passionate about?
There are many cyber-related topics on which I feel passionate about but I think the top three are: combatting nation-state threats, establishing trusted public-private partnerships to secure our cyber ecosystem, and increasing and diversifying our cyber workforce.
In my opinion, Microsoft has been a leader in many of these efforts including publishing our cyber threat insights in our annual Microsoft Digital Defense Report and using federal civil litigation tools to take down cyber criminal infrastructure and explain in public court documents the who, what and how in furtherance of information-sharing and deterrence. Cybersecurity remains a whole-of-nation effort and I am very proud to be a part of it at Microsoft.
What are your hopes for the National Cybersecurity Alliance?
I am very excited about the National Cybersecurity Alliance’s 2022 plans to expand its reach in educating more, particularly by focusing on increasing diversity through cybersecurity education and, in turn, the workforce. I feel very fortunate to work for a company like Microsoft that highly prioritizes diversity and inclusion and advances these priorities in all aspects of our work, including in our cybersecurity skilling initiatives.
I think organizations like the National Cybersecurity Alliance play such an important part in the whole-of-nation effort to secure our cyber ecosystem because the organization provides easy to understand and accessible materials on cybersecurity that amplify the educational outreach the government and industry is doing. You don’t need to be a techie to understand the importance of cybersecurity and how you can help.