Booz Allen Welcomes New CISO Amanda Cody

The term “veteran” applies to Booz Allen’s new Chief Information Security Officer (CISO) Amanda Cody in many ways.

She’s a veteran in the very real sense, having served in the U.S. Marine Corps. She’s also a cyber veteran, having directed information security efforts at other large organizations, such as the American Red Cross and National Geographic. She knows how to help complex, critical industries navigate evolving threats, having most recently served as CISO for the Financial Services Information Sharing and Analysis Center (FS-ISAC). And as a returning employee, she’s also a Booz Allen veteran who embraces our mission and values, having supported our defense and intelligence clients from 2009 to 2015.

“Booz Allen has a great brand and an awesome mission, and the work we do is so important,” she explains. There’s also a personal element to her decision. “I’m a former Marine and my son recently earned the title of Marine. So, supporting the government, and the nation’s defense sector in particular, is something I’m very passionate about.”

Here, Amanda talks about what she plans to focus on in her new role, Booz Allen’s “Client Zero” approach to IT innovation, and the evolving role of the CISO.

Amanda says she has three priorities in the job ahead. One is people. “We have to make sure we’re building a high-caliber, diverse talent pool with pipelines and paths forward,” she says. “We need to attract and retain people that are hungry and have an aptitude and willingness to learn and grow.”

Another priority involves the essential work of every CISO: protecting the organization itself. “The basics of a cybersecurity program, like asset and vulnerability management, are often not glamorous,” says Amanda. "But they are foundational and fundamental to a good security program. It’s what allows us to be able to pick our heads up and do other things.”

These other things include answering important questions about new technologies and threats. As artificial intelligence (AI) and machine learning become ubiquitous, how can adversaries use these technologies against Booz Allen, and how can we leverage them in our defense? How can we develop algorithms that resist these attacks and protect the firm’s data?

“We want to make sure we’re being purposeful in our investments and maturing our security stack,” Amanda says.

Finally, as one of the federal government’s premier providers of cybersecurity solutions, Booz Allen must be able to help its clients prepare for what’s next.

“Everybody is on this journey, figuring out what they need to do and how fast they need to do it,” Amanda notes. “We’re in the cybersecurity space across industries. What do we need to do to support and enable a resilient business?” 

To answer this question, Booz Allen adopts a “Client Zero” mentality.

The Client Zero approach plays out in information security in many ways, Amanda explains. One way, for example, could be collaborating with Booz Allen’s quantum team to prepare for a post-quantum computing world. Or evaluating how AI capabilities developed for clients and commercial incident response practices can be used at Booz Allen’s own fusion center.

“These partnerships are invaluable,” Amanda says. “They give our own internal cyber capabilities a competitive advantage and enable our market teams to securely deliver client solutions.”

Amanda has seen many changes in the CISO position itself, starting with the path to the job.

A future CISO can start out as a linguist—as Amanda did—in engineering, as an analyst, or with a variety of other backgrounds. “The great thing is that there's value in all of those different perspectives,” she says.

Meanwhile, the CISO’s responsibilities have both expanded and elevated in importance. “We are expected to be in the boardroom having business conversations with board members, audit committee members, and other C-level executives, giving our perspectives on topics like new threats, supply chain risks, incidents and responses, business continuity, and resilience.”

It's a complex and constantly changing role, and Amanda offers a few pieces of advice for those interested in a similar path. First, as you progress through your career, protect your time and energy.

“There are going to be a lot of people jockeying for your time and attention and lots of opportunities for you to give back to the community and the industry,” she says. “First, know your own needs for self-care and your boundaries, so you can bring your best self to work every day—because the people you work with will need your best self.”

Secondly, be a lifelong learner. “I think this is really important in our field,” says Amanda. “It gives you different perspectives and allows you to ask good questions.”