Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Cybersecurity Insights
a NIST blog
This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month, called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity.
This year’s Cybersecurity Awareness Month theme is ‘Secure our World.’ How does this theme resonate with you, as someone working in cybersecurity?
Now more than ever, the use of technology is central to our lives. It is the means by which we are connected with others in the U.S. and around the world, both professionally and personally. With its ever-increasing ubiquity, cybersecurity threats proliferate at a rapid pace. While technologists work to combat these threats, the onus is often on people using technology to use it in ways that can reduce their vulnerabilities. Knowledge and practice of good cybersecurity and privacy guidance are essential to protecting ourselves and others.
Describe your career pathway and how that led you to the cybersecurity field?
I took a rather unexpected route to get into cybersecurity. I am a technologist at heart – I earned a Bachelor’s degree in Computer Engineering at North Carolina A&T State University, and Master’s and Doctorate degrees in Computer Science at Auburn University. Over time, however, my studies focused more on the user experience than the technology itself. I developed a strong interest in human-centered computing and human-computer interaction.
With my background, I was a great fit to conduct more applied research as a part of NIST’s Usability Group. It’s a multidisciplinary group of researchers with backgrounds in areas including computer science, cognitive science, and psychology, all working to champion humans in information technology. Towards the end of 2019, I joined the group’s Human-Centered Cybersecurity program, whose goal is to conduct interdisciplinary research to better understand and improve people’s interactions with cybersecurity systems, products, processes, and services.
Describe the role(s) that you play at NIST. What are some interesting projects you’ve worked on recently?
I lead the Human-Centered Cybersecurity program’s phishing project, where we perform research to understand phishing in a real-world context by examining human susceptibility to phishing threats. Our focus is on human behavior and why people do or do not fall for phishing emails.
We also work to provide organizations with resources to help their employees mitigate the phishing threat. Since 2019, we have worked to develop the NIST Phish Scale, a method for those who manage their organization’s phishing awareness training program to rate an email’s human phishing detection difficulty. The Phish Scale is an additional metric used by organizations around the world to provide context to the click and report rates resulting from their phishing awareness training exercises.
What is your favorite part about working at NIST?
Working at NIST is great because I get to work with brilliant people who have experience in a variety of science and technology fields. I get to be part of a community of researchers that care about and contribute to improving our society. It’s always refreshing to work with amazing people to solve challenging problems that have an actual impact on all of our lives.
