Top Women in Cybersecurity: Whitney Merrill
Whitney Merrill, Attorney, Federal Trade Commission
Federal employees haven’t always been welcomed at DEF CON. But for a conference that once prided itself on a “Spot the Fed” contest, things are certainly changing. Federal Trade Commission lawyer Whitney Merrill, the first ever law student to be accepted into the National Science Foundation’s CyberCorps program, has helped change this narrative at DEF CON as the founder of the Crypto & Privacy Village, an interactive mini-event that takes place within the Las Vegas conference.
A former Electronic Frontier Foundation employee, she last year helped the FTC win a $24 million final judgment against Publishers Business Services — a company which was involved in widespread deception and abusive telemarketing practices, according to court documents.
Merrill is part of a small group of federal lawyers that are knowledgeable in both privacy law and digital security. On a regular basis, Merrill investigates and brings cases against companies for unfair business practices, including bad data security and privacy practices.
Who originally inspired you to follow this career path?
My parents. My father is technical, handy, and has always been interested in new technologies. My mother is very privacy and security conscious; and I have an itch to understand how things work. I attended Lego robotics camp, enjoyed learning how to fix toilets and generally love puzzles. My father always says, “Serendipity favors the prepared mind,” and that’s how I look back on how I got where I am today. I work really hard, feed my curiosity and seize opportunities when I can.
What’s the biggest challenge you’ve faced in your career? And how did you respond to it?
The path for individuals with a tech/law background is far from paved. I’m licensed to practice law and I have my master’s in computer science from the University of Illinois at Urbana-Champaign. When I was the first law student accepted into the NSF’s CyberCorps, I was able to convince my law school to allow me to enroll as a full time undergraduate student during my last semester as a law student (29 credits in 1 semester—yikes!) to gather the necessary prerequisites for a master’s in computer science. Most organizations, including the U.S. Government, have not optimized for a cross disciplined approach to law and security issues, so much of my struggle has been trying to figure out what that path looks like. I’m not sure I’ve conquered that challenge yet; it’s an ongoing struggle. I think it’s important to get the word out that there are attorneys with computer science and security backgrounds interested in using both skills regularly.
Knowing what you know, is there any advice you’d impart onto the next generation? What would you say to young women who are considering a career in the technology industry or a related field?
Don’t worry that you might be the only woman in the room. Use that as a catalyst to encourage diversity. My best advice for success would be: try things even if people say, “don’t do it,” “it’s not possible,” or “you might fail”—fail often and don’t give up. I also encourage folks to attend conferences and reach out to individuals who have careers that are of interest. I’ve met a lot of people through hacker conferences who have been incredibly supportive of my career.
Why is it important to you to empower women and other minorities to join more technical and technology-related fields?
There isn’t a one-size-fits-all approach to solving a problem, and we need more great talent in these fields. I strive to make women and minorities to feel welcomed by the tech community. Diversity strengthens and greatly benefits teams and organizations—the more people who empower women and minorities, the better.