Teddy Nemeroff ’97

A NEW DOMAIN OF STATECRAFT 

• Over a two-year period culminating in 2015, hackers infiltrated computer systems at the U.S. Office of Personnel Management, gaining access to confidential background information about individuals seeking security clearances, as well as millions of people’s fingerprints. While the attacks could not definitively be linked to a specific perpetrator, evidence suggested that they were conducted by state-sponsored hackers working for the Chinese government.
• In May 2021, the Colonial Pipeline, which originates in Texas and carries gasoline, diesel, and jet fuel to the southeastern U.S., experienced a ransomware attack that forced a temporary shutdown of its operations. Within days, fuel shortages and panic buying were occurring from South Carolina to Virginia. Evidence indicated that the attack originated in Russia.
• In February 2022, before beginning its war on Ukraine, Russia launched cyber attacks against commercial satellite communication networks with the intention of disrupting Ukraine’s ability to respond to the invasion. This attack had secondary consequences across Europe, affecting internet access and power generation facilities in some areas.
• In 2022, a group calling itself “HomeLand Justice” conducted destructive cyber attacks against the government of Albania, rendering key services unavailable. The hackers, identified by U.S. intelligence as “Iranian state cyber actors” subsequently released confidential Albanian government information online. These incidents led Albania to terminate diplomatic relations with Iran.

In a May 2023 follow-up report to the Colonial Pipeline breach, Jen Easterly, director of the U.S. government’s Cybersecurity and Infrastructure Security Agency, wrote, “…since that event, the Biden-Harris Administration has made significant strides in our collective cyber defense.” After enumerating a variety of initiatives now in place, she cautioned, “While we should welcome this progress, much work remains to ensure the security and resilience of our critical infrastructure in light of complex threats and increasing geopolitical tension. The U.S. Intelligence Community issued a stark warning of a potential future threat in its recent Annual Assessment, noting, ‘If Beijing feared that a major conflict with the United States were imminent, it almost certainly would consider undertaking aggressive cyber operations against U.S. homeland critical infrastructure.’”

THE PATH TO CYBERSECURITY LEADERSHIP

One might assume that averting and responding to cyber attacks on the world stage would require tremendous technical expertise, but Teddy Nemeroff – a self-described “policy wonk” – freely admits, “I didn’t start with a technology background.” How does a person without a tech background become one of the nation’s leading cyber policy experts? That’s an interesting story, which, Teddy says, has its roots in his early education. He recalls, “Growing up in DC and attending Potomac, I had lots of exposure to kids whose parents worked in government. We visited Congress several times, and I developed an interest in public service early on. Then, in Upper School, I studied Chinese and took courses in Chinese and Japanese history from Dan Paradis. Those experiences sparked my interest in international relations.” He adds, “There was a strong sense of community at Potomac, and the idea of community – of being part of something larger than myself and having both the opportunity and the responsibility to contribute to it – became an important piece of who I am.” After high school, Teddy attended Princeton, majoring in public policy and international affairs and continuing his study of Chinese. He enjoyed college life but was struck by the challenges the campus community was having around race relations and diversity. So, as a member of student government, Teddy began focusing on dialogue as a tool for conflict resolution and improved race relations. He started a campus group that has now grown into a nationwide organization – the Sustained Dialogue Campus Network. Teddy says, “SDCN provides a structured approach that can help campus communities tackle race relations, broader issues of diversity and difference, even political diversity. Respectful, ongoing dialogue is key.” 

During his college years, Teddy visited China twice – once to study, and once to do a summer internship at the American Embassy in Beijing. In his third college summer, he worked with a refugee organization in the country of Georgia. Teddy says, “This appealed to the do-gooder side of me…but it also gave me the opportunity to see how basic business and organizational principles empower people to do good.” 

Teddy considered law school as his next step but instead joined the management consulting firm Bain after graduation. He recalls, “The idea was to learn how real businesses work, how to take a business approach to problem solving.” 

Teddy did eventually apply to law school and was accepted, but he again deferred that step when one of his mentors invited him to come to South Africa and work for a well-known democracy NGO. In 2003, Teddy started a program in Pretoria using dialogue to help resolve conflicts within townships; he later worked in Zimbabwe, promoting dialogue as a means of addressing political tensions. What was to have been a two-year commitment expanded to three, and before he left South Africa, Teddy had met his future wife, Shani. 

Back in the U.S., Teddy attended Columbia Law School, clerked for a federal appellate judge in Boston, then returned to the DC area to practice with Steptoe and Johnson, “a firm with good government connections.” He says, “One day, out of the blue, Stewart Baker, a former Potomac dad, contacted me about an opportunity. Stewart had been the general counsel at the National Security Agency and run the policy shop at DHS. He was starting a new practice within Steptoe, focused on technology law, and he invited me to join it.” 

Teddy reflects, “I knew very little about technology law and cybersecurity. My interests had been in international relations and public service. But this sounded like a great opportunity.” 

Teddy’s new job enabled him to explore cyber – a cross-cutting field with significant political, economic, and security implications – in all its complexity. He observes, “Technology 

evolves with incredible speed. A lot of our work focused on how old laws can be applied to, or adapted for, new technology. We had to think imaginatively about our clients’ needs.” 

Teddy continues, “After three years in that role, it was suggested to me that if I wanted to get into government, a Fellowship with the Council on Foreign Relations would be a good avenue to pursue. I applied in 2013 and got the Fellowship. The following year, I started work at the State Department, initially in the Office of the Coordinator for Cyber Issues. That office had been established only three years previously; we were just beginning the process of crafting diplomacy around cybersecurity and related challenges.”

Stay connected with the Potomac Alumni community