When Rachel Wilson began her career in cybersecurity at the National Security Agency in the months after 9/11, she never imagined she’d one day work for Morgan Stanley Wealth Management.
Her time at the NSA took her from the American embassy in London, where she countered terrorist threats to the 2012 Olympic Games, to Maryland’s Fort Meade, where she addressed terrorist threats to the U.S.
By 2017, when she became Morgan Stanley’s head of wealth management data security & infrastructure risk, Wilson says she was ready for a change of pace. Wilson is set to discuss all this and more as keynote speaker for The Baltimore Sun’s sold-out Women to Watch networking event Oct. 21.
How have cyber threats evolved during the COVID-19 pandemic?
I’ve never seen anything like what is truly a cyber crime pandemic these past 18 months — on top of everything else, in the 20 years I’ve been in this business.
We’ve seen a huge volume of phishing emails that are offering advice on preventing COVID-19 infections, or sometimes these websites are trying to sell fake items. Back before the vaccine, we would see treatments and oxygen purifiers and all kinds of things being sold on these fraudulent websites, but it really is the hackers trying to take advantage of our depleted mental state over the pandemic, and they’re also really working to take advantage of the fact that so many people are working from home.
What must companies do to defend against these threats?
Whether you’re a large business, medium-sized, small, individual, it’s keeping all of your devices, all of your operating systems — so this would be your phone, your laptop, the apps on your phone, your browser — keeping them all fully patched and up to date.
I think it’s really important for everyone — people, as well as companies — to store their critical data in multiple places.
It’s also important for people and companies to actually practice restoring from those backups. What [my team] sees happen far too often is that an individual or a company thinks that they have their data backed up, but they’ve never practiced the process of restoring and so when push comes to shove, they actually find it to be much more difficult or even impossible — even when they think they’ve done all the right things.
What is your advice for women in male-dominated fields like cybersecurity?
The advice that I’ve always given my mentees, who find themselves in these situations where they’re the only woman in the room is that I want them to come well-prepared to the meeting with three crisp, pithy things that they might want to say.
But I insist that they say something within the first 10 minutes, because the mistake I frequently see women make is that they’re well prepared, they have great ideas, they know the opinion and the leverage that they want to have, but then they let the meeting slip through their fingers.
What tools have you used to achieve a meaningful work-life balance?
I don’t do a good job with work-life balance. I think it’s really, really hard. It’s ever-tempting to check that email, to make that phone call, to work on a Saturday or Sunday. So, the approach that I’veused is not to try to achieve balance per se, but simply to be very, very present wherever I am. So when I’m at work, I am at work.
Likewise, when I’m at home, It’s putting my phone down and saying ‘OK, I’m at home now and I’m in a separate place and I’m in my wife-and-mother-and-daughter-and-sister role.’ So, I’m not going to send that next text. I’m not going to send that next work email. Instead, I’m going to be fully present.
That is why work-from-home for me last year was so terrible, because it made it virtually impossible for me to use my strategy of being fully present where I was, and I was trying to do work when there was the constant temptation to multitask.