Cybersecurity attorney Camille Stewart shares how her childhood affinity for making contracts pointed to her eventual career as an attorney. Having a computer scientist father contributed to Camille's technical acumen and desire to include technology in her life's work. Camille has worked various facets of cybersecurity law from the private sector, federal government, on the Hill and in the Executive Branch, and now as part of Big Tech as Head of Security Policy and Election Integrity for Google Play and Android where she creates policy geared towards making sure users are safe on their platform and equipped to make informed decisions.. We thank Camille for sharing her story with us.
Learn more about your ad choices. Visit megaphone.fm/adchoices
You're listening to the Cyberwire Network, powered by N2K. When it comes to ensuring your company has top-notch security practices, things can get complicated fast. Vanta automates compliance for SOC 2, ISO 27001, HIPAA, and more, saving you time and money. In Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing trust center. Over 7,000 global companies like Atlassian, Flow Health, and Quora use Vanta to manage risk and prove security in real time. Our listeners can claim a special offer of $1,000 off Vanta at vanta.com/cyber. Hi, my name is Camille Stewart, and I'm a Cybersecurity Attorney. I used to make my parents sign contracts when I was a kid. So I always knew I wanted to be an attorney. They would make promises about grades or anything really, and I would grab a piece of paper and I'd outline the terms, make my sister witness it, and make them sign it. So I always knew I wanted to be an attorney. On the other side of that, my dad's a computer scientist, so I grew up tinkering with computers and technology and sitting in the back of his computer science class that he taught at the local community college. So I also had an acute interest in technology and technical acumen pretty early, so I didn't know how I would put those two things together, but I knew I had to be an attorney and I knew technology would play some kind of role in that. So I went to law school at American University because I liked the international program, but also I was going to work in the intellectual property law clinic, at least I aspired to, which ended up happening. I thought maybe I would protect people's technology if I couldn't actually be technical and be a lawyer, and after law school, I was recruited to Cyvalence, a cybersecurity company that focuses on open source threat intelligence. So after I spent five years or so at Cyvalence, I went to the Department of Homeland Security and the Obama administration in the cyber infrastructure and resilience policy office, and that was a great opportunity to really dive in on more of the international work, but also a lot of the really pressing issues that had a private sector tie. So encryption, cyber export controls, healthcare, cybersecurity, and election security. After that I went to Deloitte so that I could continue the work that I was doing in the department, from the outside of the consultant, so I was a security and privacy consultant for DOD and DHS. While working at Deloitte, also I was doing some research for a think tank. I had spent some time on the hill before I started my legal career, and so I kind of felt like I had done small tech at Cyvalence, which was like my foreign private sector. I had done the federal government, both from a hill perspective and an executive branch perspective, I'd done this research work, and I felt like the last piece of the puzzle to really be able to speak holistically about law and policy issues related to cybersecurity and technology was to go to big tech. To have a full understanding of how big tech is looking at these issues, and as it increasingly becomes a player in even our governance structures, and has a say in how many of the issues that we are looking at which are so big, privacy, supply chain management, cybersecurity in general, I had to understand what these companies were thinking about as they made these decisions, how the expertise was embedded in the organization, et cetera. So I started to look at big tech companies to transition to, and ultimately decided on Android and Google Play, where I'm the head of security policy and election integrity now, because Google Play and Android seem like that small tech environment when there's broader tech ecosystem. I represent the user, I create policies and advocate to teams in the best interest of the user internally. So the policies that I write, and the strategies that I lead are all geared towards making sure our users are safe on our platform and equipped to make informed decisions. Create your own lane. Every experience that you've had is valuable and has some bearing on the work you plan to do and the place you find yourself next, especially in cyber. That is a multi-disciplinary industry and requires the expertise of folks across the spectrum, whether it's social sciences or technical academia, mall, policy, et cetera. All of those things are beneficial, essential to solving these really complex problems. So I encourage folks to use all of their skill sets to address these complex issues and to do the work to bridge the gap on the technology, that part's easy. But those soft skills you have or that background expertise are all things that will help us solve these complex and ever-evolving challenges. I want folks to look at my work and say she was able to empower and to create a generation of informed citizens that can actively engage on their security and privacy. Understanding how technology works, what its limitations are, how it plays in societies, how it plays out in the lives of people, and being able to make informed decisions about how you engage, is how technology becomes more of an equalizer, and I just want to play a part in making that possible. This September 18th and 19th in Denver, a tight community of leading experts is gathering to tackle the toughest cybersecurity challenges we face. That's happening at M-Wise, the unique conference built by practitioners for practitioners. Brought to you by Mandiant, now part of Google Cloud, M-Wise features one-to-one access with industry experts and fresh insights into the topics that matter most, right now, to front-line practitioners. Register early and save at M-Wise.io/Cyberwire, that's M-Wise.io/Cyberwire. [MUSIC]
