Serena Villalobos graduated from the School of Information with a master’s in information and cybersecurity in 2019. Prior to the I School, she graduated from Universidad Nacional de Colombia with a degree in computer science and business administration. Currently, she is a product manager of security and compliance at Cisco Meraki and lecturer at the I School.
Why did you choose the I School?
The short answer is because it is UC Berkeley, a world-renowned academic institution. I was confident that Berkeley and the I School would equip me with an excellent education and the tools to succeed in the field of cybersecurity, and I am proud to say that I was right. I had already spent a few years working in cybersecurity within the heavily regulated healthcare industry, implementing what at the time was the latest technology innovation, electronic health records (EHR). EHR and HIPAA (the Health Insurance Portability and Accountability Act) introduced me to the fascinating field of cybersecurity and made me realize the necessity of further education. The moment I found out that UC Berkeley was offering a new master’s in cybersecurity in the School of Information, I did not hesitate to apply. I had been researching other programs, but none was as complete as MICS.
What was your focus at the I School?
My primary aim was to gain a comprehensive understanding of the cybersecurity field from all angles. Although I had experience in compliance, I felt the need to explore other areas more deeply. To my surprise, I discovered there was still much to learn even in areas I already had some experience in. I tried to take all possible classes, but sadly there was not enough time for all of them, and I had to choose among very interesting subjects and leave the rest to study after graduation through MICS for Life.
What was your favorite thing about the I School?
Definitely the sense of community and belonging to the growing family of MICS students and alumni. I met amazing and incredibly smart individuals who provided me with the opportunity to grow my professional network. Moreover, I built friendships with students with whom I did not even take classes with, but had the pleasure of encountering during our weekly “Coffee House” sessions, dedicated to discussing cybersecurity.
What was your favorite class?
That is actually a difficult question to answer because I genuinely enjoyed every class. I would say that CLTC’s Citizen Clinic brought me the most satisfaction. In this class, you have the opportunity to collaborate with NGOs that, because of their work, face the threat of nation-state actors. The objective is to assist these organizations in enhancing their security posture with the limited resources they have available. In some cases, the stakes are remarkably high, as security breaches could potentially endanger the lives of the NGO’s employees, volunteers, and the very individuals they are supporting. As a cybersecurity professional, this role demanded effective solutions in a critical context.
What is a cybersecurity challenge that intrigues you?
How to protect encryption from the risk of quantum computing. Cryptographic algorithms rely on hard mathematical problems based on one-way functions that in one direction are easy to compute but are almost impossible to solve in the opposite one. Current cryptographic algorithms are vulnerable to the development of cryptanalytically relevant quantum computers (CRQCs) that will be able to solve those hard mathematical problems in a very short period of time. This risk is estimated to become a reality once CRQCs are operational, which is expected to be around 2030. Mathematicians are already working on new cryptographic algorithms resistant to quantum computing and NIST is evaluating new post-quantum cryptography algorithms. To me, this is fascinating because of the societal implications.
You’re currently a Product Manager of Security and Compliance at Cisco Meraki, what compels you to work in this field?
When people think about cybersecurity they picture a perpetual battle between hackers attempting to breach systems defended by blue teams. This limited vision of the field overlooks other equally important roles. As a product manager, I am in the position to strategically define the direction of a security program to make sure it is aligned with business goals and customer requirements. It allows me to sit at the table where the executive leadership makes the decisions, and have a voice on those decisions — decisions that will impact a global company with a strong focus on cybersecurity. This is a unique and valuable opportunity that is preparing me for other leadership roles.
What is it like being on the faculty for MICS after being a student?
Being a lecturer in MICS is undeniably a great honor and a privilege that demands a strong commitment to maintain and improve the high quality of the program. I bear a dual responsibility: as a MICS alumna, I am dedicated to sustaining the program’s excellence by preparing students to become industry representatives of the I School, and as a professional, to complement the academics with my own expertise in the field. I am constantly learning and incorporating my professional experience in class. I am immensely grateful for the opportunity to be a part of the faculty, as it allows me to work in areas I am passionate about — cybersecurity and teaching.
Is there an achievement or project that you are most proud of?
The Lily L. Chang Award for best capstone project, which was awarded to our project “HIPAA for All,” signifies my interest in providing an easy way for small medical healthcare practices to be HIPAA compliant. Also, I am honored to have been named one of America’s Top 50 Women in Cybersecurity 2023 by both Latinas in Cyber and LATAM Women in Cybersecurity. These acknowledged my commitment to advancing cybersecurity and empowering underrepresented groups in the field.
