Taylor Grossman (2018, MPhil International Relations) recently joined ETH Zurich as a Senior Researcher at the Center for Security Studies, working on their Cyberdefense project. Prior to this, Taylor was a Senior Research Analyst and Project Manager in the Cyber Policy Initiative at the Carnegie Endowment for International Peace, where her work focused on capacity-building and financial inclusion. We asked her some questions about her career to date.
Congratulations on your new position at ETH Zurich! What does the role entail?
I’m a Senior Researcher at the Center for Security Studies where I work in the center’s policy think tank. The Center for Security Studies is actually split so there’s an academic side which is composed basically of all PhD researchers who are working on publishing peer-reviewed articles. Then there is the think-tank side which is much more project based, focussed on policy analysis, with quick turn-around times working very closely with our partners.
I work on the cyber defence project where primarily my job is to produce reports commissioned by the Swiss Ministry of Defence. We work a lot with our partners in Bern on this.
It’s a very new environment for me – I’m an American from California and I’m learning quite a bit about Switzerland – but it’s a really interesting place to be, with the mix of academic and policy mindsets, and an interesting time as well.
How did you get into policy analysis and specifically cyber security?
When I entered college as an undergraduate I was actually not a policy person at all. I was a prospective literature major so I had a circuitous journey into policy and fell in love with it in my second year and have been hooked ever since. I ended up gravitating towards security policy and wrote my undergraduate thesis on American institutions’ warning systems for terrorism. The colour-coded system the homeland security department unveiled in 2003was much maligned and mocked, and then quietly replaced during the Obama era. I looked at the institutional development of those two warning systems and why they didn’t work very well.
On graduating I knew that I wanted to be in an environment that was intellectually challenging, where there was a lot of exploration and flexibility, so I started to gravitate towards research roles. Back in 2015 my thesis advisor suggested that I look into this new field that was getting a lot of attraction in Washington D.C. called cybersecurity. I’m a bit of a luddite so I thought this probably isn’t going to work out very well but I ended up working for someone who really wanted someone like me - with a policy background and but not the sort of techno-optimist you see in Silicon Valley. We got on really well and he’s still a mentor for me. It was a really interesting time to be entering cybersecurity, particularly as a non-technologist.
What is it like working in cyber security?
Cyber-security is a naturally interdisciplinary field where you have legal minds, you have policy analysts, engineers, sociologists – everyone has something to say, no-one speaks the same language and everyone tends to think that their expertise is the missing link. It’s a really great field for newcomers: There are lots of different access points because the contours are constantly shifting, and there is a lot less entrenched conventional thinking than in other fields, with people entering from diverse backgrounds.
What was your career path after securing your first job?
I worked for about a year doing research before I went into consulting, where I worked for a very small company in Silicon Valley that helped a series of start-ups engage with the government. It was really rewarding – it taught me that I did not want to do business school and I didn’t want to work in the private sector long term. I think it can be really helpful to do a short stint in something that is a bit more private sector oriented – where there are very different structures, timelines, and reporting mechanisms.
After that I went to Oxford and did the MPhil from 2018 to 2020 where I focussed on cyber policy, particularly on cyber norms and perfidious deception in non-violent cyber-attacks. I did a mixed-methodology thesis that included a survey experiment using R and qualitative interviews. I actually was planning to stay on to do the DPhil, but because of the COVID-19 pandemic and writing the end of my thesis in the depths of the UK lockdown, I decided I wasn’t ready to dive into several more years of independent research - I wanted a more interactive environment and to try something more fast-paced. So I moved back to Washington DC in October 2020 to work for the Carnegie Endowment for International Peace which is an international think tank. At Carnegie I worked on cyber policy initiatives - specifically on cyber security in the financial sector, which was a completely new field for me. I was hired because of the skillset I had put together at Oxford and from my research background, not on the specific research areas.
Do you have any other words of advice for students and recent graduates considering a career in policy analysis and think tanks?
I won’t list all of the places I applied to and didn’t get in – there are many! – but, if you want to work in policy and think tanks, I’d say that it’s good to be open to different opportunities. A lot of things didn’t work out that I thought were perfect for me and a lot of things ended up working out that I loved – so by being open and flexible and exploring areas or styles of work that might be a little outside of your comfort zone, I think the payoff can be huge.