From the White House and DHS to Entrepreneurship: Charting Her Path in Mission-Driven Cybersecurity
Published
Key Takeaways
- Safran views cybersecurity as mission-driven work tied to protecting institutions and society.
- KeyCaliber develops technology designed to automate and continuously track the dependencies that underpin business processes.
- Manual mapping of business processes and dependencies often leaves organizations unprepared for incidents.
- Graph-based analysis helps investigators understand asset relationships and potential lateral movement.
- Practitioner communities provide practical insights that formal education sometimes cannot replicate.
Roselle Safran, CEO and Founder of KeyCaliber, has built her cybersecurity career around purpose, public service, and practical security thinking. For International Women’s Day 2026, we asked how her experience with the U.S. government inspired her journey in cybersecurity.
Before founding KeyCaliber, Safran worked in roles dedicated to protecting national infrastructure and government systems, including positions in the Executive Office of the President and the U.S. Department of Homeland Security. Those experiences reinforced her view of cybersecurity as mission-driven, focused on protecting critical institutions and people’s trust.
When she joined the government, there weren’t many women, but that did not discourage Safran. Instead, she valued being in a role dedicated to defending networks supporting White House operations.
Safran reflects on top-level decisions that influence security across the organization, and the importance of hands-on experience for aspiring professionals to understand how cybersecurity risks are managed in practice.
Vishwa: How did your experience in the Executive Office of the President and the U.S. Department of Homeland Security shape how you approach cybersecurity?
Roselle: I decided to work for the government because I wanted to be in an environment where I felt strongly about the mission. Working at EOP during the Obama Administration was truly an honor, and I sincerely valued being in a role dedicated to defending the network used by the White House.Â
Every day I stepped into the office, I felt how meaningful and important my work was. When I worked at US-CERT within DHS, the mission of the division was to improve the security posture of government agencies and critical infrastructure.
So there too I was in a role where the work was purposeful and significant. I've always viewed cybersecurity as a way to better society, and I carried that same perspective into entrepreneurship. I'm very much a mission-driven founder.Â
Vishwa: Based on your experience across government and industry, what steps should women take to gain a foothold in cybersecurity roles?
Roselle: The first step is recognizing that you can excel at a job where not everyone looks like you. Just because there aren't many women in the field doesn't mean you should dismiss it. If it interests you, go for it!Â
The second step is to develop some skills in the field, whether you're studying on your own, enrolling in formal classes, or taking on security work at your current job when you're in an adjacent field. But don't feel that you must have a master's degree before you can start working in the industry!Â
The third step is to just start applying for jobs even when you don't meet all the "requirements". Job postings are often excessively verbose when employers are primarily looking for a handful of critical skills and attributes - one of which is self-motivation.Â
Vishwa: In leadership roles, what decisions tend to have the greatest downstream impact on security outcomes, even if they seem minor at the time?
Roselle: The leader of the organization (i.e., CEO/President/Executive Director) must make it clear that security is a priority. The tone at the top matters. If the CEO does not value security, the cybersecurity leader will face a very tough uphill battle that is already challenging enough.Â
Instead of being able to focus on defending against adversaries, he/she will also need to contend with defending against unnecessary pushback within his/her organization.
Vishwa: How do teams map technical assets and their dependencies to business processes, say for risk prioritization?
Roselle: Many organizations manually determine the components of a business process. They ask the engineering team to document dependencies and periodically provide updates. Or they attempt to learn the information by conducting interviews or surveys. This is a very burdensome procedure, so it's often completed on an infrequent basis (i.e., once every year or two) or it is neglected entirely.
Some organizations learn the hard way when a cyber attack or IT outage occurs. That's why we've built technology to make the process automated and continuous. Cyber resilience is absolutely paramount for organizations of all sizes. And it starts with understanding the critical assets and business applications that constitute essential business processes.
Vishwa: During an incident investigation, how is graph-based analysis applied in practice, from ingesting initial signals and threat artifacts to mitigation?
Roselle: Two types of graphs can be especially useful when investigating an incident. The first type of graph shows how assets are connected within the environment. (We show this graph for every asset and business application.) This allows the analyst to understand where an actor may move laterally and what the extent of the 'blast radius' is. It can also potentially be used to uncover which asset was compromised first ("patient zero").Â
The second type of graph shows how indicators and incidents are related to one another. For example, you may have one incident with an MD5 hash for a malware file that uses abc.xyz as a command and control (C2) domain. And then another incident comes in with a different MD5 but the same C2.Â
You can see the incidents are related, which can accelerate the analysis of the new incident because you have all the tactics, techniques, and procedures (TTPs) from the previous incident.Â
Vishwa: How do practitioner communities and peer exchanges contribute to learning approaches that are often difficult to gain through formal training?
Roselle: One of the challenges with formal training, particularly university/college classes, is that it can sometimes be more theoretical than practical. Thinking through a scenario on paper is a very different experience from working through an incident under stress, confusion, and time pressure.Â
Practitioner communities and peer exchanges allow folks to share real-world experiences so that those who have not gone through it can be better prepared if/when they face a similar situation. A conversation with a peer about looking into X when Y happens could save an analyst hours of investigation time when speed is key.Â
Also, since a threat actor often follows the same playbook for multiple targets, exchanging information when one organization is hit gives peer organizations a chance to be proactive and prevent the same attack.
Vishwa: Are there professionals in cybersecurity, including women leaders, whose approach to problem-solving or leadership has influenced you?
Roselle: To be perfectly honest, I'm not influenced by others. I chart my own path based on what I find interesting and meaningful. The approach has its pros and cons!Â
Vishwa: For someone entering cybersecurity, what steps or experiences help them build practical skills and understand real-world risk handling?
Roselle: Focus on ensuring that your own cybersecurity is solid. Make sure you are securing your home network, laptops, phones, email, smart home appliances, etc. This process alone will give you some understanding of what a cybersecurity leader needs to do on a much larger scale.Â
You'll need to learn about different security methodologies, attack vectors, technologies, etc. Document the procedures you followed, what you learned, and the technology you used. This way, you create a body of work that shows both motivation and an understanding of what the work entails.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular