Online Master's in Cybersecurity Risk Management
Karensa Thomas

Photo of Karensa Thomas

What is virtue? And what does it mean to act virtuously?

Does it mean following a set of deeply held principles, wherever they might lead? Or choosing a path that ensures the best results, the greatest good?

When Lt. Col. Karensa Thomas, director of the U.S. Army Regional Cyber Center in South Korea, is asked about her favorite class in the Master’s in Cybersecurity Risk Management program at Georgetown, she doesn’t mention courses like Security Architecture & Design or Disruptive Technologies & Organizational Change. Instead, she cites one of her first classes—Ethics in Cybersecurity—which grounded her decidedly 21st-century job in the foundational thought of antiquity and the modern age.

“The lessons navigated away from the traditional governance and security topics,” Thomas says. “For example, the first part of the course introduced me to different methodologies surrounding consequentialism, deontology, and virtue. Then, during case studies, we were divided into groups where we presented opposing and often controversial views based on one of the methodologies.”

Technologies change. Threats become more sophisticated. That’s why the Cybersecurity Risk Management program, in conjunction with the Master’s in Applied Intelligence program, established a “Red Cell” to train analysts who can challenge conventional wisdom and identify nascent threats.

Still, the ethical issues will always remain and will perhaps become even more pronounced as novel threats demand new responses.

From her base in Daegu, a city of 2 million in the southeast part of the country, Thomas heads a team dedicated to ensuring “freedom of action in cyberspace while denying the same to our adversaries.”

And she continues to benefit from her Georgetown education.

“The remarkable professors tremendously enhanced my educational experience,” Thomas says. “Their attentiveness and availability remain impressive. In addition, the program helped me understand industry practices to bridge gaps in cybersecurity governance and better protect the network.”