Andi Roddy, Chief of the Nuclear Command and Control Systems Cybersecurity Group at the National Security Agency (NSA), has spent her entire professional career with the agency. Her interest was sparked after hearing stories from her grandfather who had worked for the precursor agency to the NSA during World War II. Though he never actually talked about the specifics of what he did there, he was proud of his work and encouraged her to consider joining the agency after she graduated college with her biomedical engineering degree.
“He was so proud of his work and the role NSA had in winning World War II, and he thought it was a great place for a technical person like me. Once I got here, I discovered he was really right,” she says.
Roddy has held a number of cybersecurity roles during her tenure at NSA, and she's really passionate about "getting to the left of theft" or rather, mitigating security vulnerabilities before they occur.
In her current role, Roddy oversees the talented team of engineers and analysts that validate the keys, codes and cryptography that underpin the United States nuclear weapons security. In essence, her team is responsible for the security of the nuclear launch codes, related materials and communication that leads up to nuclear weapons decision-making.
"We integrate threat, vulnerability, security engineering, and mitigation to help prioritize the security risks that need to be mitigated," she explains. In other words, it's not a low-stress position, but then again, what security job is?
When Roddy first began her career at the NSA, she worked in research and development on biometric authentication, eventually working on vulnerability analysis of biometrics and other technologies, finding holes and fixing them before adversaries could find them. She soon found herself in a management role and then made her way to USCYBERCOM for an assignment as the Chief of Defensive Cyber Operations on the way to her current role today.
“Now in nuclear command and control, it’s one of the most no-fail missions you can have,” she says.
One accomplishment during her career that Roddy is most proud of is her time as the program manager for the Commercial Solutions for Classified program. Years ago, Roddy and her team designed the layers of commercial encryption needed to secure communications for classified government use. Those efforts laid the foundation for secure government telework during COVID-19 in 2020. "I'm very proud of that," she says.
According to Roddy, the biggest challenge for security leaders in today's threat landscape is protecting the entire supply chain — particularly the industrial base and the contractors and providers of products and services to the government as it relates to national security. For the government, Roddy is talking about the more than 100,000 companies in the private sector that produce and provide systems and services to the Department of Defense and other government agencies. Just by doing business with the government, many companies become an attractive target for foreign adversaries.
"The biggest challenge is no one entity has complete visibility, so it makes the whole security approach very difficult. We need to ask who else we can include in this problem," she says.
Roddy says it's extremely important for the private companies providing services or working with the government to share information, because national security is a shared problem.
"That's where the public-private partnerships get to be really critical, having these near peer adversaries, because none of us have perfect visibility by ourselves. So, the government and the commercial sector can share those adversary activity and indicators. It can be a challenge, but it's a really important part of the problem," she says.
NSA has been piloting a number of approaches to secure the supply chain of the defense industrial base, including bidirectional information sharing and jointly developing mitigation approaches, through the Cybersecurity Collaboration Center as well as launching the agency's Center for Cybersecurity Standards, which aims to ensure that secure standards are adopted and integrated into the commercial products that we all rely on.
Though Roddy's main focus is national security, she makes a concerted effort to carve time out of her schedule to encourage young students and NSA employees in their careers. She mentors members of her team along with other agency employees, being a sounding board for their career goals and encouraging them to aim higher.
Roddy has always felt appreciated during her career for her expertise and what she could bring to the table, and she wants to make sure others feel that too. "I got into leadership because I was supported," she says.
With her team, Roddy works one-on-one with staff members to catalogue their experiences and see where they can develop professionally. "I try to spend a good part of my time and make it intentional to mentor and grow the next generation because someone's got to replace me. We want to make sure we have that deep bench," she laughs.