Lesley Carhart (she/her)
Lesley (she/her) is a Principal Threat Analyst at the industrial cyber security company Dragos, Inc. She is recognized as a subject matter expert in cybersecurity incident response and digital forensics, regularly speaking on the topic at conferences and universities. Lesley has spent the last 11 years of her 20+ year IT career specializing in information security, with a heavy focus on response to nation-state adversary attacks. Her focus at Dragos is developing forensics and incident response tools and processes for uncharted areas of industrial systems.
In 2017, Lesley was named a “Top Woman in Cybersecurity” by Cyberscoop and received the Guidance Enfuse conference “Women in Technology” award. She currently serves as an NCO in the US Air Force Reserves and coaches youth martial arts in her free time.
1. What do cybersecurity and crypto mean to you?
Cybersecurity is the art and science of improving the security posture of individuals and organizations by detecting, mitigating, and deterring threats. “Crypto” will always be shorthand for cryptography to me — a broad and fascinating field that involves mathematics, code, and data privacy. Crypto can allow us to send data confidentially, better validate its source, and verify its integrity upon receipt. It is integral to our privacy and security.
2. If you could wave a magic wand and solve one problem in tech, what would it be?
I’d make essential security measures like secure authentication and defense against internet scams more approachable to general users. When users fail to practice basic security hygiene or evade security measures, it’s almost always our fault as technologists for making things too complex and arcane. Usability is improving, but we still have a long way to go.
3. What is a piece of advice that you have found especially useful?
Never stop learning, and never assume you can’t learn something. Our field is constantly changing — knowledge becomes out of date in weeks or months. You must remain curious and have a deep desire to learn continually from the day you start your career until the day you retire. A degree or certification is nice, but will only get you so far.
4. What’s a challenge you’ve faced, and how did you deal with it?
Being a consultant in cybersecurity typically requires a great deal of travel — sometimes weeks of the month away from home, working extreme hours, and eating on the road. Work-life balance can become very challenging. As I’ve become older, I’ve discovered the importance of structuring time for myself. Many consultants in our space have felt burnout, and most of us have been left with some kind of health issues as a result. It’s life-changing.
I’d tell anyone who needs to hear it to take a real vacation every year — even if it’s just at home. You must structure your work so that you can eat, sleep, and exercise long-term. Get routine physical exams. If your employer is not allowing you to stay physically and mentally well, they are not a good employer. When you’re young and ambitious, it is easy to scoff at these things. The day you finally end up in the ER or you simply can’t force yourself to care about work anymore, you’ll feel very differently.
5. What is your favorite book or movie?
I love Isaac Asimov’s short stories, particularly the ones featuring Susan Calvin. She was one of the first strong representations of a woman computer scientist in fiction, and she really inspired me as a kid.