Morgan Adamski wants to talk to you about cyberthreats. As chief of the National Security Agency’s Cybersecurity Collaboration Center, she’s responsible for bringing highly sensitive threat information out from behind the walls of Fort Meade and onto the desks of defense industry leaders who can use it. In the latest episode of WE’RE IN!, Morgan shares how she helped build the CCC into a vital public-private conduit for cyber intelligence, rewriting existing NSA operating models along the way. “We knew that it was important to be able to have this type of direct engagement, because we knew the only way to really counter a nation-state actor is to get ahead of it,” Adamski said of the CCC’s “fast and furious” history.
Morgan Adamski wants to talk to you about cyberthreats. As chief of the National Security Agency’s Cybersecurity Collaboration Center, she’s responsible for bringing highly sensitive threat information out from behind the walls of Fort Meade and onto the desks of defense industry leaders who can use it.
In the latest episode of WE’RE IN!, Morgan shares how she helped build the CCC into a vital public-private conduit for cyber intelligence, rewriting existing NSA operating models along the way.
“We knew that it was important to be able to have this type of direct engagement, because we knew the only way to really counter a nation-state actor is to get ahead of it,” Adamski said of the CCC’s “fast and furious” history.
--------
Tune in to hear Adamski’s thoughts on:
* Strategies for getting more women involved in the cybersecurity field
* The Biden administration’s new National Cybersecurity Strategy
* The importance of being part of something bigger than yourself
[00:00:00]
Blake: Hi there, Morgan. Thank you so much for joining us on the program.
Morgan Adamski: Yeah, I'm really excited to be here, Blake. Thanks for having me.
Blake: Of course, of course. So we'll jump right in. And I, I have to admit, if there's ever a federal agency whose reputation precedes it, it's the nsa. So I was hoping you could share a little bit about what you do for the, uh, cybersecurity Collaboration Center. What is that?
Morgan Adamski: Yeah, absolutely. I'm really excited to talk about the Collaboration center, the CCC as we refer to it. So, um, when we established the cybersecurity director in October, 2019 here at nsa, we really wanted a b ability to directly engage with our private sector counterparts to do bidirectional information sharing so that we could share our threat intel, our insights, our technical expertise.
Directly with net Defenders who could actually action it, um, to create, you know, to share information, to have that comprehensive picture of what was happening with the threat. And so in order to be able to do that, we really had to significantly change the operating model [00:01:00] of the National Security Agency.
So the Cybersecurity Collaboration Center is actually a physical. Facility outside of the fence line that is primarily unclassified. Um, where we are able to have our industry counterparts come sit side by side with our analyst and share that data and insights in real time. But it's not just a physical facility, it's actually a virtual platform as well, because, you know,
As I said, we were started in October, 2019 and we opened the doors here in the facility in December, 2020, which if everyone remembers was SolarWinds. Uh, it was also during the pandemic. Uh, and so we had to be able to have a virtual platform. And so right now we are virtually collaborating with over 400 industry partners in 200 collaboration platforms worldwide.
Um, and what that means is we're able to directly share our insights with them and answer questions and just have a conversation. And so it is really significant. National Security Agency that we have, the Cybersecurity Collaboration Center, cuz it's really benefited us the last couple years. [00:02:00] Um, not only being able to share our information directly with those who can action it, but also gaining insights and better understanding from them about the things that they're seeing against their networks.
Blake: Wow. So you jumped right in with between Solar Winds and the Pandemic and I mean, what were those early days like? I feel like that's quite the, quite the mad dash. I mean, I guess there's always, there's always something right in the cybersecurity world, whether it's, but, but what was that like some of those early days getting things set
Morgan Adamski: Um, it was challenging, um, trying to understand how do you b build this, how do you build to this vision, right? We knew exactly what we wanted to do. We knew that it was important to be able to have this type of direct engagement, um, because we knew the only way to really counter a nation state actor is to get ahead of it.
in real time. So unique, actionable, relevant information directly in the hands of the net defenders. Um, however, , you know, you've gotta build partners and capabilities and you've got to have, um, you know, authorities and you gotta be able to have a way to do this. And so it was a [00:03:00] lot of learning as you're going.
Um, and so we had a lot of industry partners who were patient with us as we tried to figure this out. Um, just how we wanted to operate day-to-day. And so it was really unique opportunity and experience. Luckily, everybody was kind of working their way through the pandemic and so everybody kind of understood that we had to be patient with each other as we tried new ways of working.
Um, so luckily we were able to kind of take that time to figure it out, but it has been fast and furious as all things are in cybersecurity, uh, trying to make the most. People being willing to share information with us and vice versa.
Blake: That's right. Never a dull moment. That's why I especially appreciate you joining us on the program here. I know you have, uh, likely a, a very busy schedule. Indeed. And I, I'd be curious if you could share a little bit, you mentioned this, this concept of the fence line, right? Which maybe people outside of Fort Mesa don't, don't really appreciate.
What, what is C C's relationship like, uh, with the rest of the agency? And, you know, you described it sort of distinct physically, but does that translate. Into culture or [00:04:00] mindset, or is it all part of the same mission? What can you share about that
Morgan Adamski: Yeah, absolutely. So the CCC is part of the larger NSA construct and organization. Um, physically we are located in a different building outside the fence line if you've ever come up 2 95 and in the seen the big NSA complex, um, right. However, we really act as a bridge between the private. In all of nsa. So, you know, we're managing the relationships, the conversations, and the priorities with our private sector partners, but we are able to pull and leverage all of the technical expertise and insight across the agency, um, not just in Fort Mead, but worldwide, to better enrich those conversations with the private sector.
So, um, we really pride ourselves on being able to advocate for what the private sector is seeing and is concerned. So that the agency understands what those priorities are and what they're seeing against their networks, and then we're able to understand what the agency priorities are, uh, both from the intelligence side of the house as well as a combat support agency, and ensure that our private sectors [00:05:00] know what we care about, right?
It, it is really that middle ground, um, trying to make sure that everybody's on the same page.
Blake: Ha have you found, are people on this tend to be on the same page? I mean, I wonder like, is the, is the vision sort of so dramatically different? I know obviously there's a lot of secret sauce that goes on. We won't get into any of that of course, but like, you know, uh, is, is private sector really missing a lot of key pieces of the puzzle here?
Morgan Adamski: No. So you know, what we find is that what we know is less sensitive than how we know it. Right? And so a lot of people for a lot of years have been specifically asking that they need. . They need context. They need to know why. They need to know prioritization. They don't wanna just know a technical indicator, an IP address, a hash.
They wanna know why it's significant, and that's really where we feel NSA needed to step up and play its part, right? You may know all of these IP addresses are malicious, but. If we know that they're tied to a specific nation state actor, it's good for us to be able to tell our private sector partners that, um, both either in a [00:06:00] classified or unclassified environment so that they can prioritize resources against that activity and mitigate it as quickly as possible.
Um, we have found that our industry partners, the defense industrial base, They have playbooks specifically for how they counter specific advanced persistent threats or APTs. And so if we can say, Hey, that activity is this a p t, they can then pull a playbook off the shelf and they can actually put defensive measures in place and they understand how to operate with it.
So I. I think that the private sector has a lot of visibility worldwide on a lot of malicious activity. And when you combine that with the intelligence community's insights on who's behind it and what they're trying to accomplish, it's a really powerful position to be in. And so I think that's what we found by working directly with our industry partners over the last couple years.
It's just how much game they have and then just how much game we can have together, um, when we join forces against a lot of these nation state actors.
Blake: We're, we're all in this together. I remember even when covering some of the critical infrastructure industries, I was like, yeah, okay. [00:07:00] In my capacity as a reporter, I'm unbiased, but I gotta admit, I have a bias for keeping the lights on, keeping the US functioning as a country. I, you know, I'm not gonna, I'm not gonna deny that with some of these scary nation state threats that we can talk about.
You know, speaking of playbooks, I, I understand the, uh, The, as we're recording this, the, the, the Biden administration just released a, uh, national Cybersecurity strategy, which is, uh, which is a, a really, really big deal. I mean, this, I, I, I got a chance to read through it. There's a lot of really meaty stuff in there, and I'm wondering if you can share any, uh, top takeaways or kind of how you, uh, see this strategy playing out for your work.
Morgan Adamski: Yeah. I mean, first and foremost, kudos and fantastic work by the O N C D team to pull all of this together, A lot of rounds, um, with the inter-agency and private sector partners to make sure it was not just a strategy, but it actually could be implemented, uh, which is the key to most strategies. Um, what I would offer in terms of when we look at the strategy is just the emphasis on how much lift it's gonna take.
Both, not just from our [00:08:00] private sector partners, but also from the US government, right. We're asking. From the private sector, but that also means that we're willing to put a lot in the game from the US government side as well. Um, key focus on resiliency. Um, what I would offer is that when you talk about nation state cyber threats, to be clear, if you have information that they want, they're gonna keep coming to get it.
And so, you know, it's hard to protect against those type of threats. And so what you
Blake: It's the persistent and advanced. Persistent, right? That's the, they're persistent.
Morgan Adamski: they are. They are. And they're gonna come back. If you kick 'em out, they're gonna come back. Um, and so, you know, you really have to have those sector wide resiliency efforts and regulatory efforts to better ensure that we're just raising all boats in terms of securing the technology and the networks we care the most about.
Um, I really appreciated obvious. The portion that talks about private sector, uh, public-private partnerships and operational collaboration. Um, there is a lot of unique efforts that have really been set up in the last couple years. In addition to the ccc, right? You've [00:09:00] got the Joint Cyber Defense Collaborative at cisa.
You've got the new Energy Threat Analysis Center that's being stood up at, um, with Department of Energy, uh, which is the etac, which is named in the strategy as well. And all of these are, Evolving operational models for how we plan to partner with the private sector who have unique insights in different types of networks and sectors, um, together.
And so I think that that's a key aspect for us when we talk about the national strategy, is just how we are all evolving together in the cybersecurity domain, how we are sharing information, how we are sharing insights, and how we are enacting broad mitigation guidance that benefits all of us critical infrastructure.
Blake: Yeah, for, I mean, from an outside perspective, it's really exciting stuff. I feel like we've heard for decades about this notion of public-private partnerships, right? We need more public-private partnerships, and then when the rubber hits the road, it's like, okay, what does it actually look like? Well, guess what?
Sounds like you have an actual physical center that you can drive up to and go to where this sort of stuff is happening. [00:10:00] Uh, I guess, do you feel like we've really moved the dial at all on, uh, some of those relationships? I, I, I mean, you just listed off a, a number of, of efforts from across various agencies and I guess where, what's happening next?
Morgan Adamski: Yeah, absolutely. So first and foremost, I think we've made significant strides. Um, to your point, I think it's been 30 plus years now that we've used the terminology public-private partnerships. I know that we've tried to morph that language more into operational collaboration. Um, but again, uh, what does that look like day to day?
Um, and really what it is, is a convers. Right. Bringing together the right people with the right expertise, with the right data and the right power to do something about it. That is operational collaboration when it comes to US government in the private sector. Um, in terms of where are we going, um, , it's really easy to do public-private partnership or operational collaboration in a time of crisis, right?
When you come together, when you're talking about the Microsoft [00:11:00] Exchange exploitation and hnm, and you're talking about Log four J, everyone's experiencing the same pain. They all want to come together. It's clear what the priority is. It's clear the outcome you're seeking, right close the, close the vulnerability, mitigate the threat, get into a better, better position.
What's really difficult in this space is what does it look like when you don't have that? Right. What are you talking about day to day? What's the key nation state threats that everyone cares about? What's the common ground? Um, that's where we really need to evolve to is what are the key issues, the threats and the outcomes that we seek to accomplish.
Um, In regular day-to-day cybersecurity. And I think that's what you're gonna start to see evolve out of these operational centers is different priorities, um, different types of operational scenarios, uh, and then just working day-to-day against nation state threats. And it, it's gonna be a tit for tat It is persistent engagement as general Nakasone likes to refer to it.
We are constantly, you [00:12:00] know, defending and going after nation state threats to ensure that they're not putting our US critical infrastructure at.
Blake: That's really interesting, your focus on the day-to-day because you know, I, I remember all the breathless headlines. I think, uh, wired Lilly, Lilly Hay Newman had a great. Great one. The internet is on fire from log four J. You know, it's just, it just really stands out in memory as this. Scarring event for the cybersecurity industry, but these things don't just go away in the, in the interim between these really blockbuster vulnerabilities.
And so, you know, keeping that focus, um, is, is just so important. And I'd be curious, you know, you mentioned the, the need to keep this conversation right and have this, this just ongoing conversation day-to-day. How do you get that conversation started? Like what do you say to organizations? Is there a lot of outreach?
I mean, I guess we're talking about it here, which will, which will go out to our listeners, but, you know, how do you get the word out and how do you get those conversations moving?
Morgan Adamski: So part of the role that the c c C plays for NSA is a little bit of that transparency, right? So the fact of the matter is, is that the work that we have done, um, the work that we're trying to do to [00:13:00] secure the defense industrial base and assist CISA with us critical infrastructure, we publicly talk about that a lot because we want people to know that we're out there, we are trying to form the right relationships, we are trying to help.
Um, and so that's one aspect of it. Um, I. Us being named, you know, all these different entities being named in the national strategy is to show that we have that external facing presence. Um, in terms of our collaboration, what I would offer is to how these relationships get started. Little bit of it is a leap of faith.
Uh, right. A little bit of a is look, as I mentioned before, nation state actors, if you have information they care about, if you're a network they wanna be in, they're gonna c coming after you. They're. , that's why we call that advanced persistent threats. But you don't have to go in that alone, right? We can all do this together.
And so, um, if, if you wanna work, right, we have specific technical expertise, threat insights, we're willing to partner with you to share that information to better protect yourself. , what do you have to lose? [00:14:00] Right? Take the information, protect your networks, protect your customers. Um, there's a benefit there.
Um, and you, it's not just one or the other. You can partner with all of us. You can partner and enroll in all of our free cybersecurity services. I know from an NSA perspective, um, we offer free cybersecurity services to small to medium size DIB companies. That's our primary audience. Um, you can enroll in those as well as cisa as well as DC three services if you're familiar with them as well.
Um, . But you know, we pride ourselves on trying to focus on the cybersecurity services that we know that threat actors are specifically targeting a specific vector. And so we focus on the services that protect that vector and then we feed our insights into that service. Um, so that protects all the customers at once.
So again, it's one of those things that it is a little bit of a leap of. Um, but you know, we have a lot of cybersecurity expertise here at N S A. We've been doing it for close to, you know, a couple of decades now, . Um, and we wanna make sure we bring [00:15:00] that outside of the fence line and share that with the right people, um, so that we, it just can benefit all of us critical infrastructure and US customers.
Blake: just threw out, you know, a number of different acronyms, right? And I know people from outside DC might not be familiar with everything but what you know. If I'm a private sector organization that maybe could be a good candidate, say like one of those small to medium size defense, industrial based members who, who could really benefit from collaboration with ccc.
Um, I suppose they all know the acronyms too, but like, , how do you know where to go? Right. Is it, do you find yourself often, like ferrying somebody who knocks on CCCs door and you're like, actually maybe you'd be best served by going over to Energy or going over to some of these other things. Do you often, do you, do you ever play that role at ccc or is it, is it all trying to, uh, keep things in
Morgan Adamski: No, we actually play that role often. We, we work, I talk extensively with the Department of Energy and our DHS CISA counterparts to say, okay, who's partnering with who? Um, I've got this entity that came to me. They do not have an active DOD contract. But it looks like they're part of the [00:16:00] energy sector. Um, would you like to engage with them and they'll forward their contact information over, uh, to our energy counterparts or vice versa.
So we do a lot of that internal, um, to the US government to better ensure like everyone's getting the right coverage and everyone's talking to the right people. Um, so from our perspective at NSA and the ccc, if you have an active D O D contract and access to non-public information, you can partner with us and we have a number of ways of doing that, and you can actually find all that information on our website.
Blake: That's that. That's great. And I imagine that's very helpful for some of our listeners who may be feeling a little overwhelmed about, you know, Hey, I wanna partner with government, but where do I go? Who do I go to? And, and I think that's a perennial question. Now, I know we recently marked, uh, not to switch gears here a little bit, but, uh, we recently marked the one year.
Uh, anniversary of, uh, uh, Russia's just reckless invasion of Ukraine. And, uh, you know, I would be curious is, is, is CCC focused exclusively on sort of US-centric things? I mean, I know there are some threats that [00:17:00] emerged out of the Ukraine conflict. I wonder if you could share, uh, is it, has there been any intelligence sharing related to that conflict or how has that factored into your work, if at
Morgan Adamski: Yeah. So I can't talk, as, you know, can't talk about specific intelligence sharing, but what I will offer is that when we sh Yeah. When we share information with our private sector counterparts, um, and when I say private sector counterparts, we're talking about traditional defense, industrial based partners, but also internet service providers, cloud providers, content delivery, network device.
So the big ecosystem, um, we share that information directly with them and we say, you can use this information to protect your networks and all of your customers. Worldwide. Uh, we do not say that you can just, just protect the dib or just protect you as critical infrastructure, we say worldwide. And so, um, you know, that is part of our operating model is to get information into the hands of people who can protect, um, the things we care about globally because the Department of Defense, um, the US government, we are global.
And so we [00:18:00] wanna make sure that we're supporting that as much as possible. Um, I will tell you that when it came from a Russia, Ukraine perspective, we, the best insights that we got happening in Ukraine on their networks were right from our private sector partners who were there helping them. Um, and it gave us great insights into potentially what mitigations we needed to offer up to us critical infrastructure.
Um, and so it, it was a, it was a real pivot for us to not only be able to partner with our private sector partners, um, and. , you know, just what's the best mitigation to protect against the things that were happening on Ukrainian networks. But we were able to release a lot of cybersecurity advisories, specifically on the Russian cyber threat and the tactics and tech techniques and procedures that they were using, and put that out to the US general public into the net defenders so that they could protect and kind of preposition and ensure that we were not suffering some of those same type of attacks.
Blake: It's really been interesting. just the volume of information that's come out around the Ukraine conflict specifically has been really [00:19:00] fascinating for me to see. Uh, definitely seems like a, uh, a sea change in some of the way.
That this information is getting out to people who can actually act on it. Uh, whereas before it would've been like, don't even talk about something that sensitive. It's happening in that part of the world. And, and now it's like, okay, how do we, uh, how do we actually fix things and make sure we're not falling prey to some of the same vulnerabilities?
Um, now I I, I did, I understand you're, you're speaking at, uh, at rsa. I did wanna give you a chance to give, uh, listeners maybe a sneak peek at, at what's coming up there. Uh, so yeah, tell, tell me about what your RSA. Talk is gonna be.
Morgan Adamski: Yeah, so I'm really excited about rsa in particular, the panel that I'm on because it's a really great opportunity, um, for not only NSA but for our DHS s a Department of Energy, department of Treasury, and F B I colleagues. So all the operational center leads, uh, to stand on stage and talk about. Our evolution of public-private partnerships and what it means to us [00:20:00] today and what it looks like in the future.
Um, so a little bit of what we talked about earlier and the fact that what is the evolution of operational collaboration? What does it look like day-to-day for each one of these operational centers? Who are they partnering with? What are the types of things that they prioritize and care about and what type of relat.
The most sense with them. Um, right. You know, I think at the end of the day, as a former national cyber director would stay Chris Les. Right. When you come to one of us, you come to all of us. And so I think one of the key points that we wanna emphasize is that if you're talking to FBI or treasury or energy, we're all talking on the backend to ensure that we're sharing information appropriately.
That we're all benefiting from that engagement and we're helping as much as we can. And so I think that's one of the key aspects of the panel. Um, and. , I get to talk a little bit about NSA and the CCC and what we're doing in this space, which is new. Uh, a lot of people don't, you know, aren't used to seeing a National Security agency employee talking [00:21:00] extensively about the work that they do day-to-day on stage.
And so I really look forward to that opportunity.
Blake: Oh, that'll be great. And congratulations. By the way, Chris Les on, uh, his retirement, if he's listening. That was, uh, I know, I know that he had a big, uh, role to play in the crafting of the White House, uh, national cyber strategy and has just, uh, obviously been a tremendous influence on a number of US cyber policies over the years.
So, uh, it'll be interesting to see where he goes next. Uh, I will say, uh, Intergovernmental collaboration is an interesting issue. I know, you know, obviously we have a very close relationship with the UK's National Cybersecurity Center. Uh, what, what, what is that like, you know, how, how, how did the CCC come to team up with the UK's, uh, ncsc and, uh, I guess, where do you see Intergovernment cooperation going as, as these, you know, state actors continue to just become more prevalent?
Morgan Adamski: Um, we all know that cybersecurity does not operate within, uh, countries and boundaries, uh, very well. Those nation [00:22:00] state actors target globally. Um, so it's really critical for us to be able to partner, um, across the globe with all the key cybersecurity elements that have insights into these activities.
And how do we counter it together? A coalition is always going to be stronger in terms of how do we counter, um, And have a more global impact. Uh, what I'll tell you from an ncse perspective, right? Fantastic organization. One of the originals when it comes to how do you do public private partnership in real time.
Um, they have a lot of partners that are the same partners as the us. Um, and so we wanna make sure that if we're talking to these partners about the same threats, how do we team up? How do we have the most enriched conversation, right? In the specific example, you know, in 2022, NSA partnered. With nc s e through the c, c c to disclose a really critical vulnerability in Microsoft Windows.
Um, this was the first time that we jointly came out. Um, and just the discovery and disclosure and accepted attribution together. [00:23:00] I think we'll be doing that more in the future. Um, just because. , obviously we want to ensure people see that, um, we are, this is a critical vulnerability that they need to care about.
Uh, so we want to draw attention to that patching. A lot of people get patch fatigue these days, uh, so we wanna make sure they understand and prioritize the right things that they need to patch. Um, but really I would just say that's a marked change for us, that accepting attribution for discovery and disclosure of a critical vulnerability from an NSA perspective.
And that's something that we've been doing extensively, um, over the last couple years. Uh, when it comes to inter. Coalitions and working together. We have just seen huge benefit in partnering, uh, with our government entities and POCs across the globe in terms of just how we're countering these threats together.
Blake: I hope you can get special business cards printed that, uh, spell center, c e n t r e for the UK visits. Uh, is that, is that something diplomatically that you've worked
Morgan Adamski: I don't know. That might take a little bit of effort for people to really wrap their heads around from a [00:24:00] culture change perspective. So We'll, we'll try to stick True.
Blake: We can, we can stick with center. I, I guess the, the, the, the US spelling, we don't need to go down the rabbit hole of too many variants. So I, I see you're a big fan of, uh, of women in cybersecurity. Uh, uh, what can you tell me about that organization and, and, and just more broadly, what are some of the challenges for women in the cybersecurity industry now?
Morgan Adamski: Yeah, I just, I, I very much appreciate and have invested a lot of time ensuring that we promote getting more women into the cybersecurity field and the Women's In Cybersecurity Conference and various organizations like that are one of the ones we obviously spend a lot of time just from a recruitment perspective, but there's a lot of.
Great organizations out there, uh, that are doing this type of work and something that we wanna support from a national security agency. Um, what I will tell you is that in terms of barriers and recommendations to people, here's what I would offer for women that wanna get into this field first and foremost, right?
Get a good mentor, get a good pack, people that you can rely on to ask questions [00:25:00] that, um, have been through specific challenges before, or barriers ask the how they worked their way through it. Um, I think that's really critically important as you go into this field or any field in general. But, um, I would say in cybersecurity in particular, is finding those key mentors and advocates, people that want to give you those opportunities to really succeed.
Um, secondly, Cybersecurity education. There's a lot of classes and courses out there. Some of them are free, some of them cost. Some of those are scholarships and grants. Take advantage of them. Um, take advantage of the time to really just build your background. Um, I don't have a cybersecurity degree, but I've spent almost 15 years in the cybersecurity field and I've benefited from being able to take those courses.
So I would just really recommend that people spend time seeing what's out there and take advantage of it while they can. And then lastly, get ready to get uncomfortable. Um, right. It's okay to be in a field and be surrounded by people that have a lot of technical expertise that you don't quite necessarily have the background in.
But if you ask questions and you're [00:26:00] curious, what I have found is that cybersecurity professionals and people in this field, they wanna help. They wanna explain it to you. They wanna build the. Foundation of people who are interested in what's happening in this space. And so I have always found that, um, the cybersecurity cadre of experts across the globe and in different places, they are just, they want people to be involved and interested in what they do on day to day, and they wanna talk about it.
So just ask the right questions and, you know, get ready to learn.
Blake: Those are all fantastic recommendations so,you mentioned your background was not in cybersecurity and in fact I, I, I see that you got your bachelor's degree in Peace, war, and Defense, which I haven't actually.
Heard of before. I mean, I've heard of peace and war in defense, but just not necessarily that as a bachelor's degree, I guess. Have you always wanted to work for government and what got you onto this path?
Morgan Adamski: Yeah. So, um, yeah, peace Corps and Defense degree at UNC Chapel Hill. It's one that I absolutely loved, but it is not one I've commonly [00:27:00] come across. Anyone else has that bachelor's degree, so completely understand. Um, so I will tell you that I grew up, um, from a very young age playing sports. And so I've always been in team sports.
I've always recognized the importance of, you know, being part of something that's bigger than yourself. I was in high school around the time of nine 11. I'm not gonna say the specific grade to age myself. Uh, but what I will tell you is in high school during nine 11, and what happened was, is that I, I just didn't understand what was happening.
I didn't understand who was behind it. I didn't understand why it occurred, but I, what I did know is I didn't want it to happen again. And so I became very interested in national security and pursuing, you know, A deeper understanding of who are these actors? What are they behind, how do they operate and how do we dismantle and disrupt their operations?
Um, so went into, I got my bachelor's degree in Peace four and defense, my master's in strategic Intelligence. Um, and I think one of the main things they became fascinated with was not just how do you connect the dots, but how do [00:28:00] you see around the corners? Um, so what is the threat that's coming in the future?
And that's really where cybersecurity came in. And I've been in that field forever. Um, , that is why I got so interested into working in the US government and the National Security Agency. One of the reasons that I stay, though I will tell you is that a lot of people, um, know that the two missions of NSA is signals intelligence, but also cybersecurity.
But we are a combat support agency, and so we secure the communications of the war fighters overseas. Um, a couple years ago I was able to go over to Afghanistan to thank a lot of the deployed personnel, um, for what they were doing on a day-to-day basis to keep our nation. Um, unfortunately not all of those personnel made it home and so, um, you know, really understanding the significance that we play, um, and trying to ensure they have that indication and warning that we secure the comms that may allow them to move safely through theater.
Just wanted to make sure more and more of those people made it home every single day. And so it's one of the reasons I continue to pursue national security, and I'm passionate about what we do [00:29:00] here at the National Security.
Blake: I, I think, uh, I think our listeners could all agree this is a dramatically important mission and, uh, and thank you for sharing that. And as I understand it, the NSA is also hiring. I saw that Rob Joyce, uh, tweeted something about that recently, and I know that's been a bit of a bumpy market for some tech and cyber companies.
But, uh, there's been some, uh, I guess there's, there's hiring going on there, so, uh, something to stay tuned.
Morgan Adamski: It's our biggest hiring year yet, so please do. Um, we're looking for all the type of qualified people, backgrounds of all types of varieties. So if you're interested, intelligence careers.gov, please come see us.
Blake: I will say, uh, speaking of Rob Joyce, I, I hear he assembles quite the epic array of, of Christmas lights. Have you ever had the chance to swing by and see those in person? They sound like something really
Morgan Adamski: Uh, uh, they are, I have seen them in person. It is quite daunting. Um, I would recommend not necessarily going there with, say, your spouse or family who now realizes that they may have to put on the same type of [00:30:00] Christmas light display for your kids, cuz your kids' expectations are very high. Uh, but, It, it is, it attracts a ton of talent.
a ton of people to come see him. It is something that he invests a lot of time in. Um, we're very proud of him. Um, we try to challenge him every year to make him bigger and better. Um, but, you know, he's still gotta climb up on that roof every year to put those lights on. So we, we need our cybersecurity director, so we tell him to be safe.
Blake: please be safe. I, I would a hundred percent either fall or electrocute myself trying to assemble something like that. Uh, but you know, that's, that's why I don't, don't string up too many Christmas lights every year. Um, so , thank you again for joining us. This is, we, we have one final question we ask all of our guests here, which is, uh, what's something that we wouldn't know about you just by looking at your LinkedIn profile?
Morgan Adamski: Hmm. So I have two happy places. First and foremost, the beach. I just love being at the beach as much as humanly possible. It's just, it is in my blood. Um, secondly, I am born and raised in Baltimore. Um, and so one of my other [00:31:00] passions is really, um, helping a lot of nonprofits around Baltimore. Um, and just, I think there's something about volunteering, uh, that's really great.
Um, you know, I have a problem saying no to things. I like to be involved in a lot of activities. Um, but there is just something that makes my heart extremely happy in terms of volunteering around Baltimore for a lot of the work that they're doing there.
Blake: That's great. That's great. And I guess we didn't touch on which team sport you played. It sounded like you had a good sense of offense and defense. What, what, back in, uh, back in high school, what was your, what was your sport of
Morgan Adamski: Um, so I played soccer in lacrosse in high school, but I played lacrosse at U N C, so uh, I was able to play at the collegiate division one level. And so that gets you training and moving, you know, 16 hours a day. So I'm used to running constantly, which I guess got me prepared for cyber.
Blake: Oh, absolutely. Yeah, I went to Northwestern huge lacrosse school. So, uh, definitely not that I played nothing. Not that I played , uh, but, but that's all great. And, uh, certainly can relate to sometimes needing to get away from all the APTs and, uh, [00:32:00] relax on the beach. So hopefully, hopefully, uh, maybe after your RSA talk you get a chance to do that soon.
And, and thanks again so much, Morgan for joining us. Really appreciate your insights and, uh, wish you luck at the ccc.
Morgan Adamski: All right. Thank you Blake for having me.