How Biden's cybersecurity expert shielded the campaign from hackers – Business Insider

  • As a cybersecurity expert for the Biden 2020 campaign, Jackie Singh was tasked with preventing hacks like the disastrous email leak that struck Hillary Clinton’s 2016 campaign.
  • In a wide-ranging interview, Singh told Business Insider how her career led her to the Biden campaign in the first place, and what she had planned next.
  • Singh is a hacker turned entrepreneur who dropped out of high school before joining the military.
  • She has faced sexism and discrimination during her career as a woman of color, she said, but hopes her story will inspire more people of underrepresented backgrounds to pursue cybersecurity.
  • And Singh said the largely white and male cybersecurity industry’s toxic culture needed to change and that she was wary of taking a job at Facebook.
  • Visit Business Insider’s homepage for more stories.

Jackie Singh sees threats everywhere.

Every unfamiliar email could be a hacker trying to gain access or information. A single oversight could compromise even the best-laid security apparatus. It even occurred to Singh that sleeping was risky, she told Business Insider: If a hacker mapped out when she started and stopped posting on Twitter every day, they might be able to figure out — and exploit — her sleep schedule.

If Singh sounds paranoid, it’s because paranoia has been a job requirement over the past several months. She served as a top cybersecurity expert for President-elect Joe Biden’s 2020 campaign starting in July — the campaign’s second cybersecurity hire after Chris DeRusha, the campaign’s chief information security officer. Singh was tasked with protecting against any attempts to breach the campaign’s systems and steal information.

Singh is a hacker turned entrepreneur who dropped out of high school before joining the military. She said she felt compelled to work for the Biden campaign out of a sense of civic duty and because of her frustrations with President Donald Trump and his administration. She had years of experience in cybersecurity but had never worked for a political campaign.

“I was looking for some way to not feel so helpless every day,” Singh said.

Once hired, her biggest mandate was to prevent a “nightmare scenario,” like the one that happened to Hillary Clinton in 2016, when Russian hackers skirted her presidential campaign’s cybersecurity protections, stole thousands of emails belonging to Chairman John Podesta, and leaked them online.

“My personal concern was a hack and leak because that could be really damaging,” Singh said. “But the overall concern is any type of unauthorized access … Preventing anybody from getting access to our systems and being able to impact our confidentiality, our integrity, or our availability — those are critical.”

Singh and her team appear to have been successful, as the Biden campaign didn’t suffer any high-profile hacks, and its internal communications remain private.

Singh attributes that feat to a “zero-trust” model that required employees to verify their identity at every step, as well as widespread trainings to keep campaign staff on the lookout for phishing emails. She also said the Biden campaign took the unusual step of placing all information-technology staff under the purview of the chief information security officer, which ensured that security was built into the organization’s tech operations.

“In the traditional cybersecurity world, we’re used to thinking of a hard, crunchy perimeter and then a soft and mushy interior, so we focus on making that wall as high as we can. But as we’ve seen again and again, those walls don’t work because it really only takes one problem or one misconfiguration or one oversight for an attacker to get in,” Singh said.

Ultimately, she said, her experiences with the Biden campaign in light of her background prove that hackers can be more than pranksters and cybercriminals — if only they’d grow up. 

“I think we need to take deeper responsibility for our country, especially the folks that have greater privilege, like us in cybersecurity,” she added. “We’re the techno-haves, right? Most everybody else is a have-not, not really [knowing] what they’re working with. I think it really falls to the folks who do understand what that looks like to help solve these problems.”

When Singh decided to go public with her role in the campaign, she knew she would face attacks — but she wanted to show that women of color can lead in cybersecurity

For all the stress and anxiety that came with her day job, the election cycle took a personal toll on Singh, too.

Singh initially planned to keep a low profile while working on the campaign but changed her mind when Biden selected Sen. Kamala Harris as his running mate in August, she said.

Like Harris, Singh’s ancestry is South Asian and Afro-Caribbean. Singh’s father is from India, and her mother is from the Dominican Republic. She said she was bowled over with emotion at the realization that Harris could be the first Black South Asian vice president.

After Harris was announced as Biden’s running mate, Singh asked her boss if she could publicly announce her role in the campaign.

“I thought, ‘My daughters need this representation. All of our daughters need this representation,'” Singh said.

It wasn’t an easy decision: “I also knew that I’d become a target, and I had to really seriously consider what that was going to be like,” she added.

That prediction would ultimately come true. The news that she was working on the Biden campaign was met with online harassment, up to and including an anonymous Twitter user sharing a Google Street View screenshot of her home with threats to reveal her home address. Twitter declined to take that tweet down. A Twitter spokesperson declined to comment.

Expecting harassment beforehand didn’t make the experience any less of a nightmare as it took place, she said.

“It was absolutely horrifying during the time that it was happening,” she said.

At the same time, it wasn’t her first experience with this kind of behavior. Singh has spent most of her life in hacker circles and said she was used to vitriolic attacks from anonymous accounts, as well as more insidious forms of racism and sexism in the largely white and male field of cybersecurity.

“It’s not unusual to me, and it’s not confusing to see attacks on prominent women of color. It makes some people really frustrated and upset to see me up there. And I think what they must be thinking is, ‘I belong up there. I deserve to be up there. Why is she up there?'” Singh said. “I don’t really have any answer for that, other than I’ve worked my ass off.”

Singh said it was not the first time she had faced consequences for speaking out, either.

She previously worked at the consulting giant Accenture, where she alleged that she was placed on administrative leave and ultimately fired after raising concerns about sexism in the workplace during a call with her managers. An Accenture spokesperson declined to comment, saying the company does not discuss personnel matters.

Hacking has been Singh’s passion since she was a teen

Singh said her passion for hacking started when she was 13, when she taught herself to code and immersed herself in hacker culture. She joined online discussion forums and attended real-life meetups for Linux users and readers of the storied hacker magazine 2600.

At the time, Singh said she was primarily interested in figuring out how to hack into systems at her school and meddle with vending machines to get free food. At 16, she got her GED diploma and dropped out of high school to spend more time with her hacker friends.

“A lot of the people that I met through the 2600 community were not people who are very well off but people who are disadvantaged in some way and looking for ways to improve their own lot in life,” Singh said. “This was a time back before we even knew it was a job. I didn’t know that this was something that you do for a living.”

Singh joined the military at 17 and worked as a tank mechanic in Iraq, where she said she “absolutely hated” the rigidity and strict adherence to rules that came with military service. After serving, Singh used her military training and security clearance to get work as a contractor for the Pentagon, returning to Iraq and later to US bases in Africa.

Singh realized her skill set was a good fit for the cybersecurity industry, she said. She subsequently took jobs in the field at Mandiant, Intel, and Accenture. But her experience at Accenture left her feeling directionless in her career. 

“It was kind of shocking for me. I’m at this pivot point in my life, you know, what should I really do?” Singh said. “I came to realize that I was playing a game that I was very likely not going to be able to win without making major concessions as to how I present myself and, like, the ethics and values that I hold personally.”

Singh thinks it’s time for hackers to grow up

After a trip to Peru, where she “drank a bunch of Ayahuasca,” she decided to “do the tech-founder thing,” she said. She and her partner Jason Schorr founded Spyglass Security in 2018 and began consulting with public-sector clients and as subcontractors with larger security firms like FireEye.

Ultimately, Spyglass didn’t quite work out: Raising funding was a “fool’s errand,” Singh said, with Silicon Valley venture capitalists urging them to sell software, not just consulting services. Talks to sell the business to another small consultancy stalled out when Singh took a leave of absence to work on the Biden campaign.

Now that the 2020 campaign is over, and Biden is the president-elect, Singh is once again a free agent, with her future in flux. She said she and Schorr were thinking about shuttering Spyglass soon because of her “lack of interest” in returning, and she is now considering opportunities that align with her newfound interest in public service. 

In fact, Singh said she already turned down a job offer in threat intelligence at Facebook, feeling that the company hasn’t been responsible in its handling of misinformation and hate speech on the platform.

“I don’t think Facebook has a very ethical mission anymore. I think folks inside Facebook kind of delude themselves into ignoring some of the things that are going on. It’s essentially a right-wing media company at this point,” Singh said. A Facebook spokesperson declined to comment.

At the same time, her experiences with online harassment have made her wary of returning to the cybersecurity industry at large.

According to Singh, she has reason to suspect that some of the antagonism she faced on Twitter after going public as part of the Biden campaign came from members of the same hacker groups that helped make her into the cybersecurity expert she is today.

Singh said that suspicion highlighted how the cybersecurity industry in general has a problem with toxicity, where even the people doing nominally important work either accept harassment or perpetrate it. One of the anonymous Twitter accounts dedicated to harassing her, @Illm0b, is named after a notorious now deleted Facebook group where prominent names in cybersecurity were found to spread racist and misogynistic vitriol. 

For the industry to mature, Singh suggested it was up to people like her to distance themselves from anybody who gives hackers that kind of bad name.

“There are people in the security community who behave like white hats during the day, but then they’re doing weird black-hat s— at night. I don’t want to be associated with that,” Singh said. “Folks like me who came up in the hacker community have to be continually pruning their social network to remove elements that have revealed themselves to be undesirable in an adult context.”


Leave a Reply

This website uses cookies. By continuing to use this site, you accept our use of cookies.