Expert Bio
Tarah Wheeler is senior fellow for global cyber policy at the Council on Foreign Relations (CFR). Wheeler is also CEO of the cybersecurity compliance company Red Queen Dynamics.
She is also an information security executive, social scientist in the area of international conflict, and author. She is an Electronic Frontier Foundation advisory board member and a Foreign Policy contributor on cyber warfare. She is the author of the best-selling Women In Tech: Take Your Career to The Next Level With Practical Advice And Inspiring Stories. She has been the Brookings Institution’s contributing cybersecurity editor, a cyber project fellow at the Belfer Center for Science and International Affairs at Harvard University‘s Kennedy School of Government, an international security fellow at New America leading a new international cybersecurity capacity building project with the Hewlett Foundation’s cyber initiative, and a U.S./UK Fulbright scholar in cyber security.
Wheeler has been head of offensive security and technical data privacy at Splunk and senior director of engineering and principal security advocate at Symantec Website Security. She has led projects at Microsoft Game Studios (Halo and Lips) and architected systems at encrypted mobile communications firm Silent Circle. She has spoken on information security at the European Union, Malaysian Securities Commission, OECD and FTC, for Foreign Policy, universities such as Stanford University, American University, West Point, and Oxford University, and multiple governmental and industry conferences.
affiliations
- Electronic Frontier Foundation, advisory board member
- Red Queen Dynamics, chief executive officer
-
Small businesses are critical to U.S. national security. They’re also increasingly targeted by foreign cyberattacks. The federal government can do more to protect them.
-
The Securities and Exchanges Commission is emphasizing the concept of “materiality” in cybersecurity. Materiality will graduate cybersecurity to an enterprise risk and force public companies to rethink their approach to cyber risk.
-
-
Encryption, cybersecurity, and technology policies, like the RESTRICT and EARN-IT Acts, with nonexistent tradeoffs address symptoms, not problems, and they do it badly.
-
Election security has been a major issue since the 2020 U.S. election. Policymakers and members of the public must take several concrete steps to ensure that elections are secure and free from interference.
-
Recruiting problems in cybersecurity will continue until private and public sector organizations make defenders' mental health a priority and policymakers address the poorly written Computer Fraud and Abuse Act.
-
The EARN IT Act is back for a third time. The current version purports to both maintain privacy and protect children, but this is a false dichotomy; the act would expand state power and decrease users' privacy.
-
Montana banned TikTok a month ago. Enforcing this ban would require the creation of a surveillance regime that would be far more detrimental to privacy and civil liberties than TikTok could ever be.
-
The U.S. Cybersecurity Review Board was established to provide a definitive history of major cyber incidents. Today it has fallen away from that mission, but there are three incidents to investigate which can get it back on track.
-
Recent regulations have focused on adding cybersecurity experience to company boards. However, companies would be better served if CISOs were required to gain expertise in business risk communications.
-
For years, the world thought of the internet as a borderless zone that brought people from around the world together. But as governments pursue very different regulatory paths, the monolithic internet is breaking apart. Now, where there had been one, there are at least three internets: one led by the United States, one by China, and one by the European Union.