At Journey's End, a Reflection on its Beginning

During May 8-13, 2024, I hit a number of milestones ending my journey to obtain a Master's degree in Cybersecurity Management from Washington University in St. Louis. May 8, 2024, is the day my degree was conferred and the date that will appear on my diploma. On May 11, I attended the McKelvey School of Engineering Recognition Ceremony, and on May 13, I attended the All-Campus Commencement Ceremony. 

After reaching this goal, I spent some time reflecting on how the journey began. In October 2018, I attended a celebration of Cybersecurity month at Mastercard, and after listening to an engaging guest speaker, Dr. Jon Brickey announced a new partnership with WashU. Employees accepted into the program were earning a graduate certificate and they had the option to continue after that and earn a master's degree. The classes were meeting at Mastercard, and the company was paying tuition and fees, including textbooks. I spoke to Dr. Brickey after the event to find out how I could be a part of this program. I discovered the first cohort was already underway, and it was recommended that I take the classes in order instead of joining the cohort mid program, so I applied for the second cohort. For my application, I had to write a Statement of Purpose, similar to the personal essay sometimes required when applying for an undergrad program. 

I remember thinking that I might not get in, and that my SOP needed to be attention getting and interesting because this was WashU. When I was in high school, WashU was one of the schools that recruited me, but one of the best schools for journalism was just 100 miles away from home in the opposite direction. As I completed my application, I wondered if I would be good enough for WashU now as a graduate student? It turned out I was, and I even accidentally applied for the degree program by clicking the wrong button on the online application form. It was a chance happenstance I ended up not regretting. I had fun looking back and reading my SOP!

Statement of Purpose (written in November 2018 and submitted with my application for a Master's Degree program in Cybersecurity Management at WashU):

I’ve been in love with Robert Redford since I was three years old. My parents and I were shopping at the Northwest Plaza mall when my parents decided to see the movie The Electric Horseman starring Redford and Jane Fonda. They were not sure I would sit through it, but when my mom checked on me, she found me sitting cross-legged on my seat, propping my head up with my hands, mesmerized by the image of Redford wearing a glowing cowboy costume riding on a horse down the Las Vegas strip. 

I have seen almost every one of Redford’s movies, and one of my favorites is Sneakers. In the opening scene, Redford and his team of misfits are paid to break into a bank in order to advise the bank on vulnerabilities in their security. The team goes on to obtain universal code-breaking technology and then risks their lives to make sure this technology cannot be used by nefarious actors, including our own government. I first saw this movie when I was in high school, and this first exposure to ethical hacking made an impression on me. 

Last month, in celebration of Cybersecurity month at Mastercard, I heard Frank Abagnale speak about his life running cons until he was 21 years old, and subsequent work as an FBI consultant. During his speech, he stated that it is not a question of “if” a security breach will happen, but “when,” and that security breaches occur either because an employee fails to do something that they should, or an employee does something that they should not. I believe the study of Cybersecurity Management is vital to any business, especially a business like Mastercard that handles a large amount of personal data and is confronted by cyber threats every day. If employees are ignorant of Cybersecurity Management, then the company becomes vulnerable to an attack. If an attack is successful, the company risks losing the public’s trust, and the brand suffers potentially irreparable damage. 

For example, KMOV-TV recently aired a story about the Walgreens website allowing anyone to look up purchases made by their customers using just their phone number. These purchases included sensitive items such as pregnancy tests and medications. Walgreens Boots Alliance, the parent company of its drugstores, employs over 400,000 people. It is unimaginable that at least one of them did not sound an alarm about this feature of their site, and that the problem was not discovered or rectified until a viewer called in a tip to a TV station. 

Frontline’s recent report on Facebook, The Facebook Dilemma, also illustrated a company’s carelessness regarding ways the company’s technology could be used for malfeasance. Facebook’s idealistic goal of being a force for good as it connects everyone around the globe created the climate where controls were not considered necessary. Common sense security could have prevented disreputable groups from manipulating the information posted on its newsfeeds to fight a propaganda war in countries around the globe. As a former journalist myself whose skills were honed by The Missouri Method that holds accuracy as one of its primary tenets, misleading and inaccurate information is one of my pet peeves. 

My Bachelor of Journalism degree and my experience at the St. Louis Post-Dispatch and KMOV-TV ensured I was in the right place at the right time to obtain a position as a technical writer at Mastercard supported by LaunchCode’s apprenticeship program. Mastercard was looking for someone with journalism and writing experience who had a passion for technology, and I was the ideal match. I was converted to an employee after three months, and a little over a year after that, I was offered the position of software engineer. As a software engineer, I know the best defense against a security breach is me. If I am vigilant, and make sure to think of all the ways the bad actors could obtain and misuse access to the applications I am building, then I am safeguarding Mastercard’s assets and protecting public trust. If my application to Washington University’s Cybersecurity Management program is accepted, then I will leverage these critical skills and knowledge to continue safeguarding data at Mastercard.