Teddy Nemeroff ’97

Teddy Nemeroff

by Shelley Dutton (portraits by Valerie Plesch Photography)

 
Teddy Nemeroff ’97 is a leader in the complex world of international cybersecurity and technology policy. A career government official who has served in the State Department and at the White House as a member of the National Security Council staff, Teddy grapples with issues that have profound security, legal, political, and economic implications.

He defines the essential questions that shape his work this way: “How do we safeguard technology so that we can reap the tremendous benefits it offers? How do we respond when countries, or actors within those countries, leverage cyber capabilities to pose a serious threat – and how do we get others to join us in responding?”

The answers lie in a combination of policy and diplomacy, and Teddy has a hand in both arenas.

A NEW DOMAIN OF STATECRAFT 

To understand the significance of Teddy’s work, one must recognize that cyber capabilities are a new tool that states use to advance their goals both in peacetime and in conflict.
 
Teddy notes, “Cyber attacks are silent compared to bombs. They are less visible than the physical damage that war brings. But they have the potential to be just as destructive.” He adds, “Cyber capabilities have also been used by governments to enable human rights abuses and by criminals to coerce and steal.”
 
“From a global perspective,” Teddy observes, “technology has brought us all closer, but it has also made us all more vulnerable.”
 
A few publicly reported cyber incidents reveal the seriousness of the threat:
  • Over a two-year period culminating in 2015, hackers infiltrated computer systems at the U.S. Office of Personnel Management, gaining access to confidential background information about individuals seeking security clearances, as well as millions of people’s fingerprints. While the attacks could not definitively be linked to a specific perpetrator, evidence suggested that they were conducted by state-sponsored hackers working for the Chinese government.
  • In May 2021, the Colonial Pipeline, which originates in Texas and carries gasoline, diesel, and jet fuel to the southeastern U.S., experienced a ransomware attack that forced a temporary shutdown of its operations. Within days, fuel shortages and panic buying were occurring from South Carolina to Virginia. Evidence indicated that the attack originated in Russia.
  • In February 2022, before beginning its war on Ukraine, Russia launched cyber attacks against commercial satellite communication networks with the intention of disrupting Ukraine’s ability to respond to the invasion. This attack had secondary consequences across Europe, affecting internet access and power generation facilities in some areas.
  • In 2022, a group calling itself “HomeLand Justice” conducted destructive cyber attacks against the government of Albania, rendering key services unavailable. The hackers, identified by U.S. intelligence as “Iranian state cyber actors” subsequently released confidential Albanian government information online. These incidents led Albania to terminate diplomatic relations with Iran.

In a May 2023 follow-up report to the Colonial Pipeline breach, Jen Easterly, director of the U.S. government’s Cybersecurity and Infrastructure Security Agency, wrote, “…since that event, the Biden-Harris Administration has made significant strides in our collective cyber defense.” After enumerating a variety of initiatives now in place, she cautioned, “While we should welcome this progress, much work remains to ensure the security and resilience of our critical infrastructure in light of complex threats and increasing geopolitical tension. The U.S. Intelligence Community issued a stark warning of a potential future threat in its recent Annual Assessment, noting, ‘If Beijing feared that a major conflict with the United States were imminent, it almost certainly would consider undertaking aggressive cyber operations against U.S. homeland critical infrastructure.’”

THE PATH TO CYBERSECURITY LEADERSHIP

One might assume that averting and responding to cyber attacks on the world stage would require tremendous technical expertise, but Teddy Nemeroff – a self-described “policy wonk” – freely admits, “I didn’t start with a technology background.” How does a person without a tech background become one of the nation’s leading cyber policy experts? That’s an interesting story, which, Teddy says, has its roots in his early education. He recalls, “Growing up in DC and attending Potomac, I had lots of exposure to kids whose parents worked in government. We visited Congress several times, and I developed an interest in public service early on. Then, in Upper School, I studied Chinese and took courses in Chinese and Japanese history from Dan Paradis. Those experiences sparked my interest in international relations.” He adds, “There was a strong sense of community at Potomac, and the idea of community – of being part of something larger than myself and having both the opportunity and the responsibility to contribute to it – became an important piece of who I am.” After high school, Teddy attended Princeton, majoring in public policy and international affairs and continuing his study of Chinese. He enjoyed college life but was struck by the challenges the campus community was having around race relations and diversity. So, as a member of student government, Teddy began focusing on dialogue as a tool for conflict resolution and improved race relations. He started a campus group that has now grown into a nationwide organization – the Sustained Dialogue Campus Network. Teddy says, “SDCN provides a structured approach that can help campus communities tackle race relations, broader issues of diversity and difference, even political diversity. Respectful, ongoing dialogue is key.” 

Teddy Nemeroff Quote

During his college years, Teddy visited China twice – once to study, and once to do a summer internship at the American Embassy in Beijing. In his third college summer, he worked with a refugee organization in the country of Georgia. Teddy says, “This appealed to the do-gooder side of me…but it also gave me the opportunity to see how basic business and organizational principles empower people to do good.” 

Teddy considered law school as his next step but instead joined the management consulting firm Bain after graduation. He recalls, “The idea was to learn how real businesses work, how to take a business approach to problem solving.” 

Teddy did eventually apply to law school and was accepted, but he again deferred that step when one of his mentors invited him to come to South Africa and work for a well-known democracy NGO. In 2003, Teddy started a program in Pretoria using dialogue to help resolve conflicts within townships; he later worked in Zimbabwe, promoting dialogue as a means of addressing political tensions. What was to have been a two-year commitment expanded to three, and before he left South Africa, Teddy had met his future wife, Shani. 

Back in the U.S., Teddy attended Columbia Law School, clerked for a federal appellate judge in Boston, then returned to the DC area to practice with Steptoe and Johnson, “a firm with good government connections.” He says, “One day, out of the blue, Stewart Baker, a former Potomac dad, contacted me about an opportunity. Stewart had been the general counsel at the National Security Agency and run the policy shop at DHS. He was starting a new practice within Steptoe, focused on technology law, and he invited me to join it.” 

Teddy reflects, “I knew very little about technology law and cybersecurity. My interests had been in international relations and public service. But this sounded like a great opportunity.” 

Teddy’s new job enabled him to explore cyber – a cross-cutting field with significant political, economic, and security implications – in all its complexity. He observes, “Technology 

evolves with incredible speed. A lot of our work focused on how old laws can be applied to, or adapted for, new technology. We had to think imaginatively about our clients’ needs.” 

Teddy continues, “After three years in that role, it was suggested to me that if I wanted to get into government, a Fellowship with the Council on Foreign Relations would be a good avenue to pursue. I applied in 2013 and got the Fellowship. The following year, I started work at the State Department, initially in the Office of the Coordinator for Cyber Issues. That office had been established only three years previously; we were just beginning the process of crafting diplomacy around cybersecurity and related challenges.”

As a program director at NOAA for more than 12 years and the first female to occupy a leadership position in her division, Libby Jewett ’78 has made it clear: She’s committed to moving the needle on climate change.
Teddy Nemeroff ’97 is a leader in the complex world of international cybersecurity and technology policy.
Whether it’s defying the naysayers who try to pigeonhole her into a single musical genre or swerving off a country road to save her life, Alyson Cambridge ’97 has found that following a prescribed path will never be part of her story.
Author and illustrator Jamie Potter ’01 creates stories that spark the imagination of young readers and remind them that they have the ability to adapt and thrive in the face of challenges.
For Grant Hoechst Jackson ’14, flexibility is key. Whether he’s composing and playing music or leading game-design teams at Naughty Dog, Grant maintains an open and agile perspective – empowering himself
As president and CEO of Leading Harvest, Kenny Fahey ’04 focuses on harnessing the power of the business sector to drive positive environmental and social outcomes in agriculture.