Welcome, Dr. Serena Sullivan

The National University Center for Cybersecurity is excited to welcome Dr. Serena Sullivan to our newest full-time faculty and member of the NU Center for Cybersecurity team. Dr. Sullivan brings a wealth of experience and expertise to our growing team, and we're looking forward to what she'll contribute to our students, our research, and our broader cybersecurity community. We sat down with Dr. Sullivan to learn more about her background, her work, and what brought her to National University.

Dr. Serena “Sully” Sullivan joined the Cybersecurity faculty team at National University in November 2025. She transitioned to National University from University of Colorado, Colorado Springs, in a city in which she currently resides with her two dogs, a Welsh Pembroke Corgi (Gryffin) and her Shitzu-Poodle mix (Fozzy). Her professional experience ranges from serving active-duty Air Force as both an Air Transportation Journeyman and as a Communications officer. Since separating from the Air Force, she has worked in a myriad of cybersecurity-focused positions spanning government, industry, and education. She holds a BS in Computer Science, a MS in Instructional Design and Technology, and a Doctor of Computer Science, specializing in Cybersecurity. Her research interests include digital privacy and expanding cybersecurity education. She recently presented in Brazil at the InterUni symposium, sharing current threats and emerging trends in fields like computer science, agronomy, and mechatronics. For fun, she likes spending time with her dogs and playing with her new granddaughter. Serena likes to be outside, walking, ATV riding, Geocaching, rock collecting, and camping.

Tell us about your path to cybersecurity. What drew you to the field, and what kept you in it?

While I was earning my BS in Computer Science, few colleges had Cybersecurity programs nor Cybersecurity-focused courses. I did not take a traditional learning path. Instead, I learned about security based on the equipment I supported as a communications officer. This ranged from mobile devices, satellite phones, classified and unclassified computing systems, and other communication devices. I started looking into certifications and decided to earn my CompTIA Security+ certification. Through study and leaning on the knowledge I obtained while in the Air Force, I was exposed to many concepts that I did not previously understand fully. Studying for that certification opened my eyes to the vast field of cybersecurity. Since then, I have gone on to earn other security certifications. What keeps me fascinated with Cybersecurity is how it changes over time. New technologies, tactics, and techniques are developed daily. Learning about recent technologies and understanding the broader impact has kept me interested over the past 25 years!

What is your primary research or practice focus right now, and what problem are you most trying to solve?

Right now, I am focused on uncovering how reproductive health apps handle sensitive user data and addressing the privacy and security risks that could expose that information to misuse or harm. Reproductive health apps have become part of everyday life for a lot of people. Apps are convenient, easy to use, and feel private. Behind the scenes, there are some real questions about how safe that data is.

I am taking a closer look at how these apps handle some of the most sensitive information a person can share. That means digging into how data is collected (what are they really tracking?), how it is stored (is it protected or just sitting on a server somewhere?), how it moves across networks, and who it might be shared along the way.

When people trust apps with deeply personal information, are they receiving the level of privacy and security they expect?

I am also writing a textbook focusing on digital privacy.

What advice would you give to someone just starting their cybersecurity education or career? What should they prioritize?

Focus on the foundations! Understand how networking behaves, how operating systems handle information, how protocols are used in communications, and gain some familiarity with coding. Understand why and how we protect people, data, and other assets and what governance to comply with. Cybersecurity is a team effort; you will never be the expert in everything cybersecurity-related! Find the topic you are passionate about and become an expert in that area. With over 600 career paths available within the Cybersecurity category, it may be difficult to narrow down where your passion lies and ruling out areas that do not interest you as much is just as important as figuring out what does interest you. If you know where your strngths and weaknesses lie, you will be able to form a comprehensive team highlighting each team member's strengths.

What certifications or technical skills do you think matter most for entering the field today and do any get overhyped?

CompTIA Security+ is a great certification to get started in industry, for several reasons. Security+ is a broad certification that tests cybersecurity professionals on a myriad of foundation topics. By earning the certification, potential employers will know the candidate has a baseline knowledge of cybersecurity concepts. Security+ is also required by DoD Directive (DoDD) 8140. Basically, any candidate will need to have certifications if they would like to work with government systems. Security+ is commonly needed for a variety of roles per DoDD 8140, and additional certifications are required for other roles. Another reason Security+ is a good starting point is because the study materials introduce many facets of security, which means candidates will be able to explore different topics that they might be interested in pursuing more in-depth. I think the idea of certifications being over-hyped is that certifications do not prove an individual can perform the job they are being hired for. Even though many certifications have some scenario-based questions, the certification itself does not indicate a person is qualified for a specific job.

What excites you most about joining the National University Center for Cybersecurity? What do you hope to build or contribute here?

One of the reasons I selected National University was because we are recognized as a Center of Academic Excellence, designated by the Department of Homeland Security and the National Security Agency. This designation indicates that students will learn topics that are necessary to become fluent or upskill their Cybersecurity skills. As a veteran, I was drawn to National University, as NU is well-known as a friendly institution for veterans. I find it very satisfying to know that I am helping my fellow veterans meet their educational goals. National University is also very welcoming of first-generation college students, which I find very appealing. Many first-generation college students struggle with navigating the college experience, and in my role, I can ensure that process goes smoothly for students I interact with.

I really appreciate the methods of lectures, an easily accessible Learning Management System (LMS), and hands-on labs. Having worked at several colleges and universities, I appreciate that students are able to apply the theory they learn in the courses to labs based on real-world situations. Students can easily practice skills in an environment where they do not need to worry about breaking something!

If you could hand every student one piece of advice that no one told you early in your career, what would it be?

Do not try to learn everything and focus on getting good at one area first. Early in my career, I felt like I had to understand every part of cybersecurity; networking, malware, cloud, penetration testing, digital forensics, and it slowed me down. Find one or two areas of security that you are passionate about and then learn everything you can theoretically and practically. Start competing in Capture the Flag events! You will learn a lot, and you will likely meet new friends; sometimes it is not just about knowledge; it is also about creating a social network. Sometimes opportunities will present themselves because you have the right skillset and you know someone who is looking for that skillset!

Sometimes, especially when you are first starting in cybersecurity, you may feel as though you are the least experienced or the person with the least amount of knowledge in a room of cybersecurity professionals. The term for that feeling is called imposter syndrome, and it can be present even after you have years of experience and knowledge. The feeling is very common in fast-moving industries, especially high-stakes fields like Cybersecurity. This feeling does not mean you are incapable, and it indicates that you are passionate about being knowledgable. Track your wins, focus on building one skill at a time, practice hands-on labs, and share what you know with others. Every seasoned professional has started where you are, and I guarantee no matter what your skill levels, you bring something unique and essential to a team.

How can a student find the topic they are most passionate about within cybersecurity?

Finding your passion can feel overwhelming! The key is to explore, experiment, and notice what interests you. Try hands-on labs, Capture the Flag challenges, or projects in areas like hacking, defense, forensics, or privacy. Talk to mentors, join communities, and reflect on what energizes you versus what feels tedious. Your first spark of curiosity may not be your ultimate focus, but it may lead you to the topic that inspires you.