The Duke Cybersecurity students listened to an inspiring story about the role of choice and chance in building a career

From The Cleveland Browns, to protecting US Presidents, and to becoming a CISO for the Federal Reserve Bank in Dallas, Texas.

“Your life and career are a combination of choices and chances. It depends on the choices you make and the opportunities (chances) that you get. What you put into it, is what you will get out of it,” said Steven Bullitt, the CISO for the Dallas Federal Reserve Bank who presented at the weekly Cybersecurity Seminar on November 17^th. Steven Bullitt is also a member of the Duke Cybersecurity master’s program advisory board, providing industry insights to the program’s strategy and curriculum. Mr. Bullitt used his own life story to exemplify the statement above.

Raised as one of eight children by his single mother, he revealed that among his various life goals, being a good father was a primary focus. Steven discussed how the opportunities (chances he received) and choices he made brought him to where he is today – Vice President and Chief Information Security Officer of the Federal Reserve Dallas, overseeing the information security services and business continuity teams. Steven talked about how he began his journey in security as a Police Officer in Dallas Texas, working undercover in Narcotics and as well as being an Explosive Ordnance Technician after a brief career in the NFL, being drafted by the Cleveland Browns. Steven had a long and rewarding career in the US Secret Service, during which he protected Presidents like Bill Clinton, George Bush, and Presidential candidates in election campaigns, like John McCain and Mitt Romney. While working on the President’s detail as a special agent, he recognized the necessity to redirect his life towards a new career path of cyber, understanding that the decisions he made today would shape his future. “The choices that I made then, determined my future career,” he emphasized. “I asked myself: What will differentiate me from many other retired secret service agents?” Given his experience and interest in technology, he applied to George Washington University for a master’s program in Forensic Science Computer Fraud Investigation, which led him to leading the U.S. Secret Service’s Electronics Crimes Program for several years and being instrumental in creating the U.S. Secret Service’s National Computer Forensic Institute (NCFI) in Hoover, Alabama – a facility that has trained over a thousand state and local police officers in combating cyber-crime. After retirement from the Secret Service, he joined NTT Security as the Global Vice President of Threat Intelligence and Incident Response. Here he built relationships with the United Nations, Internet Governance Forum (IGF), World Economic Forum (WEF), Europol, Interpol, Japan Cyber Crime Center (JC3), Cyber Threat Alliance (CTA) and many other organizations around the world. He shared that one of the challenges he needed to manage in work was a healthy work life balance. He also stated that the greatest challenge for cyber was to balance between security and privacy, how both are interlinked terms that are often used in conjunction with each other.

As the CISO for the Federal Reserve Dallas, one of the 12 reserve banks in the US, he is managing cybersecurity challenges and taking steps to protect the information systems against threat actors. He stated that “we all face the same challenges, and we must all work together to get it right as often as possible because it only takes one mistake for an adversary to breach your system.” How are you able to defend the systems against very sophisticated threats?” asked Prof. Ehuan. “We have a good security management system, we are constantly re-evaluating processes, tactics, and measures; we are checking vulnerabilities and are prepared to respond. Having a response plan is very important,” Mr. Bullitt answered.

Art Ehuan, executive director of the ME in Cybersecurity Program, and the weekly seminar instructor asked Mr. Bullitt about the key skills that he is looking for when hiring cyber security professionals. “Chief information security officers oversee strategy, conduct investigations, coordinate training and awareness campaigns, conduct reviews. We train our personnel for specific tasks. When we hire, we are looking for someone with soft skills, looking to be mentored and to be empowered. Certifications and degrees are very important as well, although they do not guarantee a job,” he said. Mr. Bullitt encouraged people to embrace opportunities and believe in themselves: “You are on the right course. This program you are in is very important for your future career, as the program at George Washington University was for me.”