Phillips brings a decade of information security experience to the job.
New York City’s effort to consolidate its cybersecurity operations into one enterprisewide command center has just taken a major step forward with the appointment of Quiessence Phillips as deputy chief information security officer.
The move puts Phillips in a position to help lead the agency, which is still in the building stages after Mayor Bill de Blasio willed it into existence with an executive order in July. Cyber Command will take a previously decentralized cybersecurity operation and bring it all under one roof, where Phillips and Chief Information Security Officer Geoffrey Brown will oversee a 24/7 team dedicated to keeping the city’s IT systems safe.
In fact, the launch of Cyber Command is a big part of what drew Phillips in after spending the majority of her career working on information security in the financial industry.
“One thing that drew me toward going public, and I never thought I would, is the importance of protecting the city and the public and the launch of the New York Cyber Command,” she said.
Phillips said cybersecurity isn’t so different between the public and private sectors, at least in some ways. Many of the technology-specific concerns remain the same.
The big difference is in the risk profile. A bank might have a person’s name, address and financial information, maybe a Social Security number. A public agency could have those things and more.
“From a public perspective, it goes so much deeper,” she said. “If you look at people who are on benefits or welfare, or people waiting for checks … you have this increased level of risk.”
Phillips brings a packed résumé to the task of protecting that sensitive information. After earning a computer science degree from the City University of New York, she landed an internship with the Federal Reserve Bank of New York’s information security team. She would spend six years there before heading for the private sector, eventually becoming Barclays’ vice president of cybersecurity operations for incident response. She also has three active certifications through the Global Information Assurance Certification program, with another pending.
All told, she’s spent a full decade in information security.
That’s a long time in the world of technology, and Phillips has been there to watch cybersecurity evolve. When she was first entering the field, iPhones were just beginning to hit the market. Microsoft’s hot new operating system was Vista. Google Chrome had yet to be released.
And cybersecurity was not nearly the major public concern it was today. In recent years, the U.S. Office of Personnel Management, the Democratic National Committee and Dyn were all victims of major hacking attacks. In recent months, breaches at Equifax and Deloitte have been making headlines. Back when she graduated from college, Philipps said, many people didn't understand the importance her field would come to claim on the national stage.
“The importance was always there, it just wasn’t seen by as many people, companies or organizations,” she said. “So I would just say that cybersecurity is just applied to many more verticals than it was previously.”
Phillips has reason to think the threats will grow larger. Between connected mobile devices, an increasing number of “smart” devices enjoining the Internet of Things and an ever-expanding array of websites signing up users for new accounts, the cybersecurity broadside is getting bigger.
“It’s a no-brainer that (cybersecurity) has expanded the way it has over the years,” she said.
The strength of New York’s approach with the Cyber Command initiative, she said, is that it gives the city better visibility as those threats evolve. The command center will oversee more than 100 agencies service the largest single population of any U.S. city. A decentralized operation might be able to monitor and react to threats, but it makes communication harder.
Having everything in one place will mean people like Phillips will be able to see trends more quickly, if, for example, hackers were to target three of the city’s agencies at once.
“Just having that info under one cybercommand lets you see the breadth and the depth of the threats and the risk profile,” she said.
And as the worldwide threat landscape changes, Phillips thinks New York City will be in a better position to keep up.
“If our people are not attuned, they become the weakest link,” she said.