Claudia Muller is one of the six outstanding individuals recently awarded a National Intelligence Community and National Security College Scholarship for Women.
Between full-time work at a cyber security organisation and studying the Master of National Security Policy degree she is now enrolled in, she caught up with us to talk about her security journey so far.
Thanks for your time, Claudia. When you were younger, what did you want to be when you grew up?
Initially, Nikki Webster – specifically, Nikki Webster at the opening ceremony of the Sydney Olympic Games. I progressed at some point to wanting to become a meteorologist because I loved interpreting weather charts on the Bureau of Mereology website. I eventually graduated to James Bond – I think I’ve read the series four times.
What did you study for your undergraduate degree?
I studied a Bachelor of Counter Terrorism, Security, and Intelligence at Edith Cowan University in Western Australia. I was a remote student the whole time except for a three-month placement at a critical infrastructure provider in Perth.
What first got you interested in the field of national security?
I have gravitated towards trying to understand how the world works, and how and why the chess pieces move for longer than I can remember. The intelligence and national security world is a natural fit for me to understand and influence that.
Do you have any specific areas of interest?
I’m an intelligence analysis puritan, courtesy of my undergrad, and have spent a lot of time focused on violent extremism and physical security design. However, I’d say I’m now as specialised, if not more, in cyber security and cyber intelligence.
How do you think Australia is currently placed in regard to cyber threats?
The short answer is not well, but it could be worse. Cyber resilience has improved across Australia in the last few years with increased awareness, but it’s not where it needs to be to match the capability and operational tempo of adversaries. Most organisations have increased their efforts and resources on trying to improve cyber security, but overall the approach is quite scattergun.
The long answer is that, for me, there are three big points and upshots that summarise where we are and where we need to go.
Firstly, to demystify a little, cyberspace does not entail a whole new breed of adversaries with new and fandangled objectives. It provides additional tools and opportunities for the same types of adversaries with the same objectives that have long been floating around the national security space. The upshot here is that cyber, physical and personnel security are highly interoperable from the threat perspective, but as a country, we are a long way from having that mature, integrated defence in place across the board.
Secondly, one of the key tenets of the security literature is that security is context dependent. That sounds a little jargony and it took me a while to get my head around it, but the point is that what it means to be secure will vary completely across different entities in different environments and with different assets and threats. Australian organisations need to understand what their context is for cyber security to be effective – and when they don’t, the result is that scattergun approach. To understand their context, they need intelligence.
That ties in with my final point. Another tenet of the literature is that defensive security isn’t about stopping all attacks – that’s not possible. A determined and well-resourced adversary will always circumvent defences eventually – unless they’re neutralised. Instead, it’s about a few things that can reduce risk if effective measures are in place. Deterrence is the most ideal outcome, but with what I judge to be inadequate cyber resilience and given how plausibly deniable cyber attacks can be, there isn’t a lot of deterrence going on at the moment. Certainly not within your average organisation. More practically, defensive security is about preventing an attack temporarily or delaying an adversary during an attack so that response functions kick in before they achieve their objective. The upshot this time is that with finite resources, it’s not good enough to throw money at the problem. It’s critical that organisations spend their money and effort on the controls that best protect them from their most significant threats – which means understanding their context, threat picture and the tradecraft these threats use, which again means they need intelligence.
Are there any courses or themes you are most looking forward to learning more about while studying the Master of National Security Policy?
I’m really looking forward to doing more intensive courses which enable mini deep dives on specific topics, and other electives like Coercion and National Security and Leadership, Risk and National Security Crisis Management.
Do you have any advice for women who are considering applying for the National Intelligence Community and National Security College Scholarship for Women?
Apply! It is not a strenuous process and the only guarantee that you won’t be successful is if you don’t apply. It’s a hugely generous scholarship financially, with 100% tuition covered, but for me it’s more than that. The people who provide and organise the scholarship have a vested interest in recipients’ careers. They will be a sounding board and help you build relationships with people who you would never otherwise have access to.
Where do you see yourself in 10 years?
Solving wicked problems related to the most pressing national security issue of the day, in a high performing team and (hopefully) sometimes in amazing far-flung places.
All the best with your studies, Claudia. And thanks for your time!
One additional National Intelligence Community and National Security College Scholarship for Women will be awarded in 2022. Expressions of interest should be sent to firstname.lastname@example.org.