Expert Q&A: Veronica Cuello Discusses a Holistic Approach to Cybersecurity and Risk Management
Veronica Cuello is a cybersecurity leader specializing in risk management and program transformation. She has been supporting clients for more than 20 years, consistently improving their security posture. In her role as a cybersecurity executive, Veronica is responsible for ensuring excellence in customer delivery, expanding Tetra Tech’s cybersecurity services into new markets, and continuing to develop cutting-edge cyber capabilities. Veronica also co-leads a women’s initiative program with the aim of empowering and advancing women in the workplace. She holds a Master of Science in Technology Management from George Mason University and a bachelor of arts degree from Vassar College.
What sparked your interest in establishing a career in cybersecurity?
I was initially headed towards a career in management consulting when I encountered a client who was struggling to implement a cybersecurity program in response to a federal regulation called the Computer Security Act of 1987. I took a copy of the act home, read it from beginning to end, and helped my client implement it step-by-step. By doing so, I developed an interest in technology, and more specifically in cybersecurity. I was attracted to the dynamic nature of the field—technology is always evolving, and there is always something new to learn. It’s also a broad field with many interesting specializations to pick from.
How has cybersecurity evolved during your career?
In the beginning, there was little guidance on how to implement cyber programs. There were regulations stating what needed to be done, but how to get it done was left to interpretation. Over the years, many frameworks and models were developed, and agencies like the National Institute of Standards and Technology and the Department of Homeland Security have done a lot to demystify cybersecurity. More recently, information technology (IT) modernization initiatives, continuous development practices, and the increased use of cloud technology have really changed the way we approach cybersecurity. Some developments have streamlined cyber processes, such as more centralization and consolidation, and others have made securing data more complex, such as how to protect your data in a multi-tenant environment.
What is the biggest cybersecurity challenge our clients face today?
My experience has been that the biggest challenge our clients face is not about technology—it is about the people and culture. Implementing robust cyber programs must be a coordinated effort and comes down to people. As demonstrated by the constant barrage and relative success rate of cyberattacks—like phishing attacks—aimed at end-users, changing human behavior can be difficult. It takes a continuous effort aimed at all organizational levels to implement and maintain a robust cybersecurity program that can constantly evolve in response to new attack techniques. Additionally, the shortage of skilled cybersecurity professionals available in the workforce is a real challenge in the industry.
How will cybersecurity evolve over the next three to five years?
In the next few years, we will continue to face more sophisticated and evolving threats from groups of people who want to profit from increasingly valuable data or want to engage in cyberespionage, cyberwarfare, or hacktivism. At the same time, IT is becoming more integrated in our daily lives—with the number of Internet of Things (IoT) devices increasing—and even in our critical infrastructure. The convergence of these trends means that cybersecurity will become increasingly important to citizens and governments alike and will be an enabler for advancing IT in an increasingly connected world as we rely more on information systems.
What is Tetra Tech doing to address cybersecurity threats facing our clients?
We approach our clients at a holistic level by identifying the root of their cyber challenges and implementing transformative solutions that stretch from traditional accreditation of IT systems to applying cybersecurity controls to protect critical infrastructure. This includes making better use of existing tools and resources through analysis and automation, and through integration of cybersecurity into the acquisition and development life cycles. Tetra Tech views compliance with cybersecurity standards and guidelines as a by-product and not an objective. Finally, our expertise includes attracting and developing top talent through our internal training programs, which are aimed at keeping Tetra Tech’s experts at the leading edge of cybersecurity developments.