4 Questions with the Head of NIST’s Cyber Collaboration Hub

What are some of your short-term goals for NCCoE?

I’d say the biggest thing is, in the simplest terms, I don’t want to mess anything up. The center — they’ve done a lot of good work, continue to do good work. So whatever I do there in my current role, I want to make sure that it is an evolution and complementary.

You know, I was not brought in to blow things up because the place is going well. Also, I’m taking my time to make sure I get to know [NCCoE]. I knew the NCCoE well from the outside because my company was a partner and we worked closely. I was at the ribbon-cutting at this building six years ago, but everything is always different on the inside. And it’s easy to say: “Hey, why do they do that?” But you have to believe there’s a reason and learn why.

So I’m taking my time to understand how we got where we are. I would say probably the biggest single thing that — and this is something I thought going in, it was affirmed at the RSA [cybersecurity conference where] I met with a bunch of partners — there’s a strong desire for us to move more quickly, whether it is to put the practice guides that we’re doing now to put them out more quickly to try to get them out in an agile format, or to come up with new types of products that we can push out more quickly.

Also a push for simplicity. Forty-page documents are hard to digest, even for the security professional. There’s a definite need for them, particularly if we’re going to describe a build down into the very technical details. Those will always be needed. But to see if we can distill down some of the key points into shorter documents, maybe look at multimedia, other ways. So all of that, again, I think is built on top of the work that the center is doing.

Probably the biggest short-term thing from my perspective is trying to develop some new types of products and get some thinking out there if we need to be a little more nimble and responsive to immediate, pressing needs. You know, recently we put up a couple of blog posts on telework and virtual meeting security because we thought there’d be a demand. And we’ve seen really good traffic and interest in that. So I’ve been happy to be able to get those things going. But the folks at the center and at NIST more broadly have been really open, excited about all these ideas. So it’s made it really easy.


Read more at: Fifth Domain