Public service has been a core tenant of Jordan Rae Kelly’s life since childhood. Kelly, who has held cybersecurity leadership roles across the FBI, White House and private sector throughout her career, credits her hometown with her interest in security.
“My hometown is Oak Ridge, Tennessee, which was an important town in the Manhattan Project. Growing up amongst a community that was really ingrained in the mission of service, from the Department of Energy facilities there, I became very interested in the idea of working for government because I was surrounded by many people who worked in that space,” Kelly explains.
However, Kelly didn’t always plan on a career in Washington, D.C. While she initially hoped for a government career in Oak Ridge, a fellowship opportunity during law school introduced her to agencies across the country.
“During law school, I applied for a fellowship program called the Presidential Management Fellowship, which gave me the opportunity to interview with a lot of different government agencies,” says Kelly.
After initially accepting a role at the Centers for Disease Control in Atlanta — “My career trajectory would have been quite different,” she says — Kelly ended up selecting a position at the FBI, which is where her cybersecurity career took off.
Collaboration in the public sector
Kelly served in the FBI for 11 years, holding the Chief of Staff role in the Cyber Division and protecting the nation in a time of constant change in cyberspace.
“I think now, it would be hard to imagine talking about security without talking about cybersecurity. In 2008, we were just getting there. It couldn’t have been a better, more interesting time to be in FBI and the FBI Cyber Division,” says Kelly.
Being on the forefront of cybersecurity as the Internet evolved helped Kelly understand the importance of collaboration in cybersecurity. Spurred by the Comprehensive National Cybersecurity Initiative (CNCI), the first directive that required government agencies to take an active role in cybersecurity, Kelly helped lead some of the FBI’s first conversations with the private sector around cybersecurity within her first weeks on the job.
“I was able to work on some of the initial outreach of the FBI Cyber Division to the financial services industry — hearing what they were saying, understanding what they needed from the government and how we could make that a relationship that was beneficial for all,” Kelly says.
Prioritizing private-sector voices and foregrounding public-private partnerships helped Kelly develop actionable cybersecurity best practices for the sector and shaped her understanding of government cybersecurity.
“The FBI was very cognizant of the fact that the private sector owns and operates the Internet. There’s a famous J. Edgar Hoover quote that’s written inside the courtyard of the FBI building that says, ‘The most effective weapon against crime is cooperation… The efforts of all law enforcement agencies with the support and understanding of the American people.’ And that is just incredibly true in the world of cybersecurity. We must have this cooperation,” emphasizes Kelly.
Cooperation is a common thread throughout Kelly’s cybersecurity career. While at the FBI, Kelly played a leading role in modernizing government cybersecurity through an initiative called Next Generation Cyber; served as Secretariat for the Strategic Alliance Cyber Crime Working Group, a cybersecurity initiative across the Five Eyes (Australia, Canada, New Zealand, the United Kingdom and the United States); and honed the responsibilities of the FBI’s Cyber Division; among a number of other accomplishments.
Many initiatives Kelly supported at the FBI set the stage for modern cybersecurity best practices as the threat landscape continued to evolve.
“The FBI’s mission is to secure, whether that means preventing incidents from happening or responding to those incidents. Those are equally important and two sides of the same coin of keeping Americans and American interests as safe and secure as possible,” Kelly says.
In the last two years of Kelly’s government service, she worked for the White House as the Director for Incident Response at the National Security Council. She leveraged her decade of cybersecurity experience in the FBI towards her role as a Chief Author of the 2018 White House Cybersecurity Strategy.
The collaborative groundwork set forth in the 2018 strategy influenced the future administration’s cybersecurity strategy as well.
“I think it was incredibly kind that the current version actually says that this carries on much of the work done in the 2018 strategy,” Kelly says.
A shift to the private sector
After more than a decade in public service, Kelly transitioned to her current role as Senior Managing Director and Head of Cybersecurity for the Americas at FTI Consulting (FTI), a global business advisory firm. Kelly continues to make an impact on cybersecurity, now with a private-sector lens.
When she joined FTI in 2019, she found that her public-sector perspective proved an asset in her consulting efforts.
“I was immediately and pleasantly surprised to find that the concerns I was working on in the government are very much what I still work on every day — keeping the company safe, helping them respond to incidents and figuring out the best strategic approach,” says Kelly.
She says her consulting work has helped her hone in on specific tactics that benefit organizations on a daily basis.
“The FBI was more macro in thinking about strategic ways that companies needed to make changes, but not necessarily seeing how those changes might affect the company’s day to day,” Kelly says. “[FTI has] really expanded my worldview on cybersecurity, and it’s made me a much better practitioner.”
In addition to her cybersecurity accomplishments, Kelly works to pave the way for women and girls to enter the cybersecurity field. Kelly has worked with the Girl Scouts, Women in Cybersecurity (WiCyS) and Girls Who Code to spread awareness about cybersecurity careers in the next generation of talent.
“If we don’t encourage young women and other people with diverse backgrounds to join cybersecurity, it will be to the detriment of the entire field,” says Kelly. “All industries are benefited by having diversity of experience, diversity of perspective and background. That’s why I think this work is really important and fulfilling for me.”
Predicting the future of cybersecurity
When asked about cybersecurity threats on the horizon, Kelly turned to the generative artificial intelligence (AI) tool ChatGPT for answers. ChatGPT returned a list of common cybersecurity threats, including ransomware, social engineering, nation-state attacks, AI-augmented cyberattacks and more. However, what Kelly found most intriguing about the response was a disclaimer at the beginning of the list.
“What I thought was interesting is that it actually says up at the top, ‘I can’t make predictions because my model is based on current knowledge,’” she explains.
She says that being predictive is where cybersecurity leaders play an irreplaceable role in the protection of assets. Looking forward, cybersecurity leaders must use their expertise and imaginations to anticipate future security threats.
“We must predict how we will be affected by things that are outside of the scope of our imagination. We have to be so predictive that our defenses have to avoid threats that we haven’t even imagined yet,” Kelly says.