In this episode, hosts Michael Farnum and Sam Van Ryder sit down with Valerie Moon, Executive Director of the Institute for Critical Infrastructure Technology (ICIT) for a wide-ranging discussion about cybersecurity policy, workforce development, and the growing threats facing critical infrastructure.
SHOW NOTES:
Things Mentioned:
- Website for ICIT: https://www.icitech.org/
- Upcoming CYBR.SEC.Community events: https://www.cybrsecmedia.com/conference/
- CYBR.SEC.Careers: https://www.linkedin.com/company/cybr-sec-careers/about/ fundraisers:
- Cards for a Cause: https://www.linkedin.com/posts/cybr-sec-careers_cybrseccareers-nonprofit-cybersecurity-activity-7436794892787359744-v4Cz
- CYBR CLAY SHOOT: https://www.linkedin.com/posts/cybr-sec-careers_cybrclayshoot-cybersecurity-cybercareers-activity-7435353518951084033-1iw9
- Proceeds support CYBR.SEC.Careers mission is to build a strong, diverse workforce by providing career exposure, access to education and certifications, and mentorship for students and veterans pursuing careers in cybersecurity.
EPISODE 65 Timestamps:
02:00 – Valerie Moon’s origin story
Moon explains how her career began at the FBI’s Los Angeles field office after graduating from UCLA with degrees in economics and accounting. She started in financial auditing before moving into leadership roles managing budgets for major FBI divisions.
04:45 – Entering the cyber policy world
Moon describes how her work intersected with cyber investigations during a pivotal moment when the FBI was reorganizing how it handles cybercrime. The agency shifted from geographically focused investigations to specialized “strategic” and “tactical” cyber offices dedicated to tracking specific threat actors such as advanced persistent threats (APTs).
07:30 – Retaining cyber talent in government
Moon discusses one of the FBI’s major workforce challenges: retaining skilled cyber professionals who are often recruited by the private sector for significantly higher salaries. The bureau experimented with new organizational structures and geographic flexibility to retain talent longer.
10:00 – Work on the Cyberspace Solarium Commission
Moon recounts her role as the FBI’s senior detail to the Cyberspace Solarium Commission, which produced more than 80 cybersecurity policy recommendations. Many of these recommendations later became law and strengthened the role of the Cybersecurity and Infrastructure Security Agency (CISA).
11:30 – Moving to CISA
After the commission’s work concluded, Moon joined CISA as Chief Strategy Officer. She describes the unique opportunity to help implement policies she helped design and shape how the federal government approaches cybersecurity and critical infrastructure protection.
13:00 – How the U.S. organizes critical infrastructure protection
Moon explains the U.S. framework for critical infrastructure security, which divides the economy into 16 infrastructure sectors (such as energy, water, and transportation), each with designated federal agencies responsible for risk management.
14:00 – Differences between the FBI and CISA
Moon compares the two organizations. The FBI operates as a large law enforcement and national security agency, while CISA is a much smaller organization focused on coordinating national infrastructure defense and cyber resilience across government and industry.
16:00 – Cybersecurity policy and bipartisan cooperation
Moon highlights the Cyberspace Solarium Commission as an example of successful bipartisan policymaking, noting that cybersecurity legislation has historically been difficult to pass because oversight is spread across dozens of congressional committees.
17:00 – AI and the lowering barrier to cybercrime
Moon discusses how AI and automation are making cybercrime easier to execute, reducing the technical skill required to launch attacks and creating new challenges for defenders.
18:00 – Cyber workforce shortages
The conversation shifts to cybersecurity workforce development. Moon notes that while cybersecurity jobs remain plentiful, many organizations struggle to hire entry-level talent because employers increasingly demand experience.
20:00 – The role of government in workforce development
Moon emphasizes the importance of government internships, training programs, and public-sector experience in developing cybersecurity professionals. Many cyber experts working in private industry first developed their skills in government roles.
22:00 – Protecting critical infrastructure
Moon warns that critical infrastructure—including water utilities, energy systems, and transportation networks—is increasingly targeted by nation-state actors and cybercriminal groups.
23:30 – Small communities face major security challenges
She explains that many small municipalities and utilities lack cybersecurity expertise or resources. In some rural water systems, a single employee may handle operations, physical security, IT, and compliance simultaneously.
26:30 – Creative solutions to the cyber talent shortage
Moon highlights programs like student-run security operations centers (SOCs) and volunteer cybersecurity initiatives that support under-resourced organizations while providing hands-on training for future cyber professionals.
29:00 – Final thoughts
Moon emphasizes the need for greater collaboration, creative workforce solutions, and stronger national awareness of cybersecurity risks to protect critical infrastructure in an increasingly unstable geopolitical environment.
Do you have a question for the hosts? Reach out to us at media@cscgroupllc.com
Keep up with CYBR.SEC.CON.:
Keep up with CYBR.SEC.Media:
Check out our Conferences and Events:
Support or apply to our Scholarship Program:
Subscribe to the podcast:
In this episode:
- Host: Michael Farnum
- Host: Sam Van Ryder
- Guest: Valerie Moon
- Production and editing: Lauren Andrus
- Music by: August Honey
