Board Member Spotlight: Kelli Andrews, Senior Director, Cybersecurity and Lawful Access | Microsoft

Microsoft has been on our board for a while, but this is your first year as the Microsoft board representative. How would you describe your experience as a board member of the National Cybersecurity Alliance so far?

My experience as a board member has been terrific and I look forward to even more collaboration with my fellow board members and the National Cybersecurity Alliance.  I’m so impressed by the interesting mix of companies that are on the board—technology companies, like Microsoft—but also financial services and other sectors.

The board members have such a diverse set of skills and experience in cybersecurity that I believe we individually and collectively add value to the National Cybersecurity Alliance’s  education mission. 

This collaborative effort across many different sectors with cybersecurity interests not only ensures that we learn from each other, but also allows the organization  to benefit from our views and wide spectrum of experiences in cybersecurity.

How does Microsoft’s cybersecurity interests align with the National Cybersecurity Alliance mission to educate and empower our global digital society?

I think our interests align very well!  Microsoft’s mission is to empower every person and every organization on the planet to achieve more.  As cyberattacks have grown in number and sophistication, many issues related to cybersecurity have come to the forefront of policymakers, business leaders, and the public.  In particular, it is clear that in order to secure our cyber ecosystem, we need to increase our cyber workforce and have a pipeline in place. 

In October, Microsoft announced a cyberskilling initiative focused on community college attendees.  Skilling goes hand-in-hand with education—and the National Cybersecurity Alliance’s  amazing work in educating parents, schools, students and businesses on cybersecurity through its webinars, resource library, and social media outreach is an important component to the collective effort to improve our nation’s cybersecurity posture.

You participated on a panel recently during our webinar, Keeping Your Family Safe Online: Securing Your Home and Devices. What are some key takeaways from the discussion that StaySafeOnline blog readers should know?

The transition to a virtual workplace and classroom brought with it many benefits but also greatly increased cybersecurity risks.  That’s because there are many more vectors now for cybercriminals to attack—there is also a blending of work and home devices which can also create additional risks. 

A theme that we need to continue to focus on–with individuals, families, and businesses–is commitment to better cyber hygiene.  When we talk about “cyber hygiene,” I think the two main takeaways are: pick strong passwords (and have a variety of them) and enable multi-factor authentication (MFA).  You will go a long way toward being cyber-secure.

You worked at the Department of Justice for 10 years and most recently served as Senior Counsel and Chief of Staff of the National Security Division. When most people think of a cybersecurity career, they may not think about positions in law enforcement. Can you tell us about how you came to the intersection of cybersecurity and law?

When I began working as a Trial Attorney at the Department of Justice’s National Security Division, I investigated and prosecuted terrorists.  When I thought of terrorism, it was through the lens of al Qaeda’s 9/11 attacks on our country.  I began to see in my terrorism investigations an increasing use of technology by terrorists to radicalize others and plot attacks as well as how the government uses technology as an investigative tool. 

Through my various roles in the Department of Justice, I was fortunate to work on a number of cases involving cyber crimes—including prosecuting the first cyberterrorism case—as well as policy issues involving cybersecurity.  Cybersecurity as a legal field is now burgeoning and I encourage those who are thinking about focusing their legal career on cyber to look at government positions.  

In addition to DOJ and the FBI, DHS and so many other agencies are seeking lawyers with cybersecurity experience (or interest) to join this critical national security mission.  And there really is nothing more rewarding from a mission-perspective than being a part of keeping our nation secure.

In addition to your position at Microsoft, you are an adjunct professor at American University. What do you like about being a professor?

Having the opportunity to teach is really meaningful to me because I credit certain teachers and professors that I had in my academic career with motivating me to love learning and influencing my career choices.  As a professor, I really enjoy imparting not only my knowledge, but practical application and experience of my work to teaching students.  And students always keep you on your toes with great questions and ways of analyzing issues so it makes me a better lawyer. 

Finally, as a woman in a career that tends to be male-dominated, I like to mentor women who are seeking a career in national security and teaching also provides me with that important opportunity.

What topics are you passionate about as it relates to cybersecurity?

There are many cyber-related topics on which I feel passionate about but I think the top three are: combatting nation-state threats, establishing trusted public-private partnerships to secure our cyber ecosystem, and increasing and diversifying our cyber workforce. 

In my opinion, Microsoft has been a leader in many of these efforts including publishing our cyber threat insights in our annual Microsoft Digital Defense Report and using federal civil litigation tools to take down cyber criminal infrastructure and explain in public court documents the who, what and how in furtherance of information-sharing and deterrence. Cybersecurity remains a whole-of-nation effort and I am very proud to be a part of it at Microsoft.

What are your hopes for the National Cybersecurity Alliance? What role do you see us playing in the public’s cyber literacy this year?

I am very excited about the National Cybersecurity Alliance’s 2022 plans to expand its reach in educating more, particularly by focusing on increasing diversity through cybersecurity education and, in turn, the workforce.  I feel very fortunate to work for a company like Microsoft that highly prioritizes diversity and inclusion and advances these priorities in all aspects of our work, including in our cybersecurity skilling initiatives. 

I think organizations like the National Cybersecurity Alliance  play such an important part in the whole-of-nation effort to secure our cyber ecosystem because the organization provides easy to understand and accessible materials on cybersecurity that amplify the educational outreach the government and industry is doing.  You don’t need to be a techie to understand the importance of cybersecurity and how you can help.

What are your personal or professional New Year’s Resolutions?

I’m not a big New Year’s Resolution person but I do like to think about some goals or objectives for the year.  Since I’m still relatively new at Microsoft, having joined the company in June, my professional goals are focused on integrating myself into the organization and taking a trip out to our Redmond headquarters so I can continue to meet people in person that I work with every day. 

On the personal front, I really like the idea of trying to practice more mindfulness each day—incorporating a coping mechanism that many of us used during the height of the pandemic—being grateful for the “little things” (which are actually the big things) more often.

Where do you want to go for your next trip?

Where do I start?!  My husband and I love traveling and, like many, our plans have been on hold since COVID.  I think our next trip (hopefully in 2022) will be to Italy and Croatia.  I have family in Croatia who I haven’t seen in several years and we’d like to go back, see them and explore the country some more.  Other places on my bucket list are Turkey and Portugal.