Tarah Wheeler: Cybersecurity Leader and CISO Strengthening Critical Infrastructure Through Social Science Insights

Published:

spot_img

Tarah Wheeler: Cybersecurity Leader and CISO Strengthening Critical Infrastructure Through Social Science Insights

Tarah Wheeler, currently serving as the Chief Information Security Officer (CISO) at TPO Group, has carved a unique path in the cybersecurity landscape. TPO Group specializes in technology, policy, and operations, providing critical cybersecurity consultancy to high-stakes organizations, including federal agencies and essential industries. Despite her prominent role, Wheeler’s journey into cybersecurity is anything but conventional.

Wheeler describes her entry into the field as serendipitous rather than intentional. “I absolutely did not choose this career on purpose,” she remarked. “No, I fell backwards into it. I feel like this career dragged me into an alley, coshed me over the head, and said, ‘You’re one of us now, kid.’” This vivid metaphor captures the unexpected nature of her professional evolution.

Born in Washington, Wheeler is currently pursuing studies at Oxford University in the UK. She identifies primarily as a social scientist and writer, emphasizing that cybersecurity offers a unique lens through which to observe human behavior. “There is no better place than cybersecurity to see how people behave when they think they’re not being observed,” she explained. This perspective positions cybersecurity as an arena for exploring interpersonal dynamics, including collaboration, leadership, and international relations.

Diverse Experience in Cybersecurity

Wheeler’s extensive experience spans various roles within cybersecurity, including red team operations, SecOps, and compliance. “I’ve been red team, I’ve been purple team, I’ve been SecOps, and I’ve been in physical, digital, and social cybersecurity,” she stated. Her current focus on risk and compliance stems from her interest in understanding the broader impact of human actions on organizational security. “Compliance policy is how you make 50,000 people behave slightly better when it comes to security,” she noted, highlighting the importance of collective behavior in cybersecurity.

Her passion for social science has significantly influenced her career trajectory. Wheeler has authored notable works, including a feature for Foreign Policy titled In Cyberwar, There Are No Rules, and the book Women in Tech: Take Your Career to the Next Level with Practical Advice and Inspiring Stories. She has also contributed policy papers to esteemed institutions such as the Council on Foreign Relations and Harvard’s Belfer Center.

Wheeler’s career has been marked by leadership roles, including her position as CISO at Red Queen Technologies and her current role at TPO Group, which was founded in 2022. A significant milestone in her career occurred when she testified before the U.S. Senate Committee on Homeland Security & Governmental Affairs regarding the Cyber Safety Review Board in 2024.

The Interplay of Social Science and Cybersecurity

Throughout her career, Wheeler has maintained a focus on social science, recognizing its relevance to cybersecurity. “The first case studies I ever did when I was in college were histories of conflict with China, Russia, and North Korea. And now I’m back again, dealing with conflict with China, Russia, and North Korea,” she remarked, illustrating how her academic background informs her current work.

Her expertise extends beyond cybersecurity; she has served as a security fellow at New America, concentrating on issues related to South Asia, the Middle East, and extremist groups. Additionally, she holds a life membership at the Council on Foreign Relations and serves on the board of directors at the Electronic Frontier Foundation (EFF).

Wheeler’s enthusiasm for her work is evident in her approach to leadership and community engagement. She founded and hosts the annual EFF Benefit Poker Tournament at DEF CON, which has grown significantly over the years. “It’s a blast,” she said, reflecting her belief in the importance of combining work with enjoyment.

Defining a Hacker

Wheeler’s insights extend to the definition of a hacker, a term that often lacks a universally accepted meaning. “A hacker is a person with a certain set of skills,” she explained, referencing McKenzie Wark’s A Hacker Manifesto. She further elaborated, “Hacking is not a crime. It’s a set of survival traits, the ability to see the world orthogonally, to see how it is fragile.” According to Wheeler, individuals who use these skills for constructive purposes are hackers, while those who exploit them for malicious intent are simply criminals.

Leadership in Cybersecurity

Wheeler emphasizes that effective leadership in cybersecurity requires a willingness to set aside personal ego. “The ability to subsume your own ego is crucial,” she stated. Leaders should empower others to excel in their roles, often taking no credit for their successes. This philosophy underscores her belief that anyone can be a leader if they prioritize the achievements of their team.

She also advocates for the value of diverse interests outside of cybersecurity. “I don’t see how they cannot help,” she said, noting that engaging in different intellectual pursuits can enhance one’s ability to communicate complex security concepts to non-technical stakeholders. “The more cross-disciplinary interests you have, the better senior practitioner of cybersecurity you become,” she asserted.

Wheeler’s personal interests include aviation, as she is a student pilot. “When you fly a plane for the first time, the last thing on your mind will be your day job,” she explained. This perspective offers a refreshing break from the pressures of cybersecurity and serves as a reminder of the importance of maintaining balance.

Addressing Burnout

Burnout is a significant concern in the cybersecurity field, and Wheeler believes it often stems from feelings of entrapment. “Burnout is what happens when people feel trapped in their situation,” she noted. She attributes this phenomenon to various factors, including the pressures of modern capitalism and personal circumstances.

Wheeler emphasizes that addressing burnout requires understanding the root causes of individuals’ feelings of entrapment. “The solution is not to give them a self-care instruction but to figure out why they’re trapped and help them escape the trap,” she stated. This approach highlights the need for systemic changes in workplace culture and support systems.

Lessons Learned and Future Concerns

Wheeler’s journey has been shaped by valuable lessons and advice from mentors. A pivotal moment occurred during a cybersecurity crisis when her boss advised her, “In two years, this is going to be a story you tell yourself about something that once happened to you.” This perspective encourages resilience and underscores the transient nature of challenges.

At a technical level, Wheeler recalls advice from Jon Callas, co-founder of PGP Corporation, who emphasized the importance of focusing on effective communication rather than getting bogged down in technical minutiae. “Your job is to explain this technology to other people,” Callas advised, reinforcing the significance of clarity in cybersecurity communication.

Wheeler encourages others to embrace failure as a part of the learning process. “Fail hard and fail often,” she suggests, emphasizing that the ratio of acceptable failures to successes is crucial for achieving significant accomplishments.

As Wheeler continues her work in cybersecurity, she expresses concern about the lack of reliable data and benchmarks in the field. “I worry about the lack of ground truth in cybersecurity,” she stated. The absence of industry statistics complicates decision-making and undermines the ability to assess the effectiveness of security measures.

Wheeler’s passion for establishing a foundation of truth in cybersecurity is evident. “We don’t have central repositories and sources of truth, and as a result, we don’t have a firm footing upon which to make our decisions,” she explained. This lack of clarity poses challenges for professionals navigating the complex landscape of cybersecurity.

For more insights on cybersecurity and its evolving landscape, visit SecurityWeek.

Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.

spot_img

Related articles

Recent articles

India’s Scrutiny of WhatsApp’s Username Feature Signals a Shift in Cybersecurity Policy

India’s Scrutiny of WhatsApp's Username Feature Signals a Shift in Cybersecurity Policy India's recent examination of WhatsApp's username feature marks a significant turning point in...

DEBULL Tooling Exploits Microsoft Device-Code Flow to Compromise M365 Accounts

DEBULL Tooling Exploits Microsoft Device-Code Flow to Compromise M365 Accounts A recent surge in device code phishing campaigns targeting Microsoft 365 accounts has raised alarms...

Bitdefender’s 2026 Cybersecurity Assessment Exposes Critical Gaps in AI Threat Management

Bitdefender's 2026 cybersecurity Assessment Exposes Critical Gaps in AI Threat Management In an era marked by rapid technological advancement, the latest findings from Bitdefender's 2026...

Gulf States Accelerate Cybersecurity Measures Amid Surge in Attacks and Geopolitical Tensions

Gulf States Accelerate Cybersecurity Measures Amid Surge in Attacks and Geopolitical Tensions A significant rise in cyberattacks, coupled with physical strikes on cloud infrastructure and...