Dawn Cappelli: Becoming the cyber fairy godmother. [OT]
Dawn Cappelli: Hi, I am Dawn Cappelli and I am the Director of OT CERT at Dragos.
Dawn Cappelli: When I was a kid, I wanted to be a rockstar as a little girl playing with her Barbie dolls, my Barbie doll was always a rockstar. But, um, then as I got older, I got a little more realistic as to my realistic career aspirations.
Dawn Cappelli: I always loved math, um, loved math and so in school I was always good at math. It was my favorite subject. Went to college and I thought, what can you do with math? And finally I realized, boy, I really like math. I should do something with math, if I'm gonna pick a career, but my guidance counselor at the University of Pittsburgh said, if you're going to be a math major, you have to make yourself take one computer class. And I said, I do not like those computers, they scare me. And he said, you have got to take one class. So I took one class and I loved it. So for the rest of my whole junior and senior year, I took two to three computer classes each semester so that I had a joint major in math and computer science.
Dawn Cappelli: I went to Westinghouse and I got a job as a software engineer programming nuclear power plants and nuclear power was booming back then. After Westinghouse, um, I, I went to Carnegie Mellon University and I just did various kinds of software engineering projects. What really changed the course of my life was when we did a prototype of a portal for collaboration and emergency response in case of a bioterrorism attack. I really enjoyed that, but then I thought, you know, no one has mentioned security and we're talking about a portal for a bioterrorism attack. So I decided to go to CERT, um, which was the very first cybersecurity organization in the world, and it happened to be at Carnegie Mellon University. So I lucked out and ended up getting a job CERT, changed the course of my career.
Dawn Cappelli: I took my job at CERT and they told me, we just got a new contract with the Secret Service and at that time, the Secret Service, their protective mission was not just for the president. It, um, encompassed all. National special security events, like the first one that we had to help the Secret Service with was the Salt Lake City Olympics and so that was our job. And I thought, this is the coolest thing in the world. I get to work with the Secret Service protecting the Olympics, and I know nothing about security. So coolest job ever until a month and a half later, 9/11 happened. And all of a sudden that cool, neat job became really serious because they thought for sure that would be the next terrorist attack, that it would happen at the Olympics. So, um, that, that, again, life changing day for many of us. But for my career, that was a big game changer. And so that ended up leading to the creation of the CERT Insider Threat Center, which, uh, we started up, uh, after the Olympics and it, I left in 2013 to go to Rockwell. So it, it was very successful.
Dawn Cappelli: So I was CISO from 2016 until 2022. And when I took the job, I told Rockwell that I was planning on retiring in January of 2021. And then when that was approaching, I said, you know, I'm still having fun. I don't think I'm ready to go. I'm gonna give it another year. Well, 2021 pretty much did me in as many CISOs. That's when ransomware was becoming more prevalent. I don't think people realize how stressful the job of CISO is, and so I finally thought, okay, now I'm ready. So I retired, but I knew I still loved security. I have this passion for protection and so Dragos came along and they offered me this role of Director of OT CERT. I feel like I'm the security fairy godmother. I get to give things away for free to small and medium businesses to help them start, uh, and mature a security program.
Dawn Cappelli: I believe strongly that as a leader, you should have people working for you that are smarter than you and better than you. I think the, the main thing as a leader is I surrounded myself that with people that had the same passion as I did, and the same at Dragos. I don't have a team at Dragos. I have a habit of taking a job and never asking do I get any money or any people. Everyone is so passionate about the mission of the company, which is safeguarding civilization, that I have people coming to me and just saying, what can I do for you? So I think it's just, um, my leadership style is, just the, that passion, it, it seems to be my secret to success because it wants people to want to help instead of making me try to get people to help.
Dawn Cappelli: My words of wisdom that I tell people all the time is, take a risk in your career if you see a job, like I saw that job insert leading a project with the Secret Service, and I felt like I don't know if I can do this. I know nothing about security, how am I gonna do this? But it was so intriguing and challenging and exciting that I took it and if I hadn't, I'd probably still be back at Carnegie Mellon writing boring code. So, you know, every job I've taken, I've been terrified, intimidated, but yet excited. So I like to tell people, just don't be afraid to take that risk. If someone's willing to pay you to take the job, they have confidence in you, so you need to have confidence in yourself.