“Work That Matters” is a series in which ECS experts discuss their roles and responsibilities and the larger impact they have in the workplace, community, and world. In this installment, we interview Joanna Dempsey, senior director of cyber solutions at ECS. Joanna leads the company’s portfolio of programs supporting the Cybersecurity and Infrastructure Security Agency (CISA). She is responsible for delivering solutions which enhance our nation’s cybersecurity defenses, including the Continuous Diagnostics and Mitigation (CDM) Dashboard.
DIRECTOR OF CYBER
Joanna Dempsey has spent her career in information technology, but it wasn’t until going back to school for her M.B.A. that she became interested in cybersecurity. While most of her classmates were cybersecurity professionals seeking business and management skills, she was just the opposite—a program manager who had studied business as an undergraduate and wanted to improve her technical acumen. Shortly after graduation, Joanna began working on the CISA CDM Program, diving headfirst into cybersecurity and never looking back.
Q: You were a business analyst who went back to school in order to move into a more technical space—what were the challenges of that transition?
A: I’ve worked closely with engineers throughout my career, which I love because I’m always learning new things. However, the challenge of working in a technical space is that I’ve also often felt like I’m trying to solve a puzzle without understanding the complete picture. I’m constantly taking notes and Googling when I get back to my desk, and I’ve had more than my fair share of whiteboard educational sessions with my more technical peers. I used to feel that my business background was a weakness in a technical field. However, I’ve learned over time that my ability to offer a different perspective on how to approach challenges is a strength, especially in areas where technology is only part of the solution.
Going back to school was an opportunity for me to continue leaning into the business aspects I enjoy, while pushing myself to better comprehend IT and cybersecurity. The biggest challenge of going back to school while working full time was having my first child halfway through the program. A week after he was born, I had to attend an all-day class and make a presentation. I remember thinking, if I can do this, I can do anything work throws my way!
Q: After graduating, how did you put your new degree to use?
A: My M.B.A. in Information Security Management enabled me to immediately apply everything I was learning to my job, which was very rewarding. After graduation, I applied for a rotation program within my company at the time. It was a very competitive job with a tough application, including a strategic plan for a mock business and a presentation to company leadership. Because I’d spent the past few years doing similar work in school, it didn’t seem like such a heavy lift.
After that, I spent a year and a half in corporate strategy, which offered me a completely different perspective on how businesses function also helped me better understand my own professional aspirations and preferences. I missed working directly with customers and managing a team—I even missed working closely with engineers! So, right after my second baby was born, I volunteered to take on a new challenge: supporting the Continuous Diagnostics and Mitigation (CDM) program. I’ve now been supporting CISA and the CDM program for close to 7 years. It sounds strange, but having kids has actually propelled me forward in my career. It forces me to be efficient and strategic with my time, and it’s motivated me to make the most of the time I spend at work.
Q: Tell me about working on the CDM Dashboard Ecosystem.
A: The CDM Dashboard Ecosystem is a cybersecurity tool that provides real-time cyber situational awareness to CISA, as well as federal civilian agencies. As a program, it just passed a major milestone: 10 years of helping agencies better identify and protect their assets! We aggregate, enrich, and visualize data from close to one million federal devices, including vulnerability, software, and configuration status. When you put these data points together, you have a pretty complete picture of the security state of any particular asset, which agencies use to prioritize their defense efforts.
Because there are so many stakeholders—various CISA stakeholders, agencies, multiple integrators—no single entity owns the ultimate outcome of the CDM mission. Everyone works together, which can be challenging, but it also creates the opportunity for a tremendous amount of learning. You are constantly talking to different people to understand how they are solving their piece of the puzzle. For me, that’s one of the best parts of the job.
Q: What’s next for you at ECS?
A: I love leading our ECS team supporting CISA – as the newest Federal Agency with a rapidly expanding mission, I see no shortage of opportunities here for me to continue to apply my passion for cybersecurity and business to help solve really hard problems. I am particularly excited about the next phase of CDM. We’ve spent the last three years implementing a new technology stack, which is going to enable a new level of operational visibility into cyber risk. It’s going to be a lot of fun figuring out how we now streamline access to the data and connect with other initiatives across CISA to maximize its value.
Getting into the weeds and problem-solving with our amazing engineers is not something I plan on giving up any time soon. As a business leader, one of the things I love about ECS is that leaders have more control over how they spend their time than I’ve seen at other places. There are some very effective leaders at ECS who work very differently from one another, and yet, the outcomes are similar and positive. I like knowing that if I choose to move up, I’ll have the freedom to do things in a way that works for me and for the business. ECS is a very encouraging and inclusive place to work–I feel like my career is mine to shape, and the company will support me. I find that very empowering and motivating.