This is a companion blog to the “The SafeHouse” podcast dated October 31, 2024, with host Jeff Edwards, Co-Chair of the SafeHouse Initiative and his guest Cherilyn Pascoe, Director of the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST). Listen to the podcast here: https://safehouseinitiative.org/the-nist-nccoe-the-hub-of-cybersecurity-collaboration/
Welcome to a deep dive into the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST). Today, we explore the journey of Cherilyn Pascoe, the Director of NCCoE, and her insights on the center’s mission and its impact on the cybersecurity landscape.
Cherilyn Pascoe has had an intriguing journey to her current role. She spent a significant part of her career working for the Senate Commerce Committee, dealing with technology policy, cybersecurity legislation, and overseeing federal agencies. After 12 years in Congress, she joined NIST, where she focused on connecting public policy outcomes with cybersecurity initiatives. In August 2023, she took the helm at NCCOE.
“I wrote legislation on cybersecurity and transportation issues, and I oversaw federal agencies that worked on advancing research and development and innovation,” Cherilyn shared. Her unique trajectory illustrates that a technical background isn’t a prerequisite for success in cybersecurity; rather, a commitment to leveraging technology for public good is key.
One of Cherilyn’s notable contributions at NIST was leading the update of the Cybersecurity Framework (CSF) 2.0, released in February. “The process was really special. We engaged thousands of cybersecurity experts worldwide to improve the framework,” she explained. The CSF serves as a comprehensive guide to help organizations identify and reduce cybersecurity risks.
The CSF is designed to facilitate communication across various organizational levels, from cybersecurity professionals to senior management and legal departments. It provides a common lexicon for discussing cybersecurity governance and strategy.
Established a decade ago, the NCCOE aims to deepen relationships between NIST and industry. “We were really looking for a way to deepen the relationships with industry, especially with technology vendors,” Cherilyn stated. The center operates as a partnership between NIST, the state of Maryland, Montgomery County, and various cybersecurity vendors.
The NCCoE’s mission focuses on advancing the deployment of secure technology. By collaborating with industry and government agencies, they identify cybersecurity challenges and demonstrate solutions that integrate commercially available technology with cybersecurity standards. “We work collaboratively to address cybersecurity challenges,” Cherilyn said.
With organizations using 40 to 60 different cybersecurity technologies, the NCCoE aims to streamline the integration process. Cherilyn noted, “We’re focused on how to best integrate that technology so that we can demonstrate valuable solutions.”
One of the NCCoE’s current projects focuses on implementing Zero Trust architecture. “We’ve built a consortium with 24 cybersecurity vendors to demonstrate how to do Zero Trust,” Cherilyn explained. This initiative showcases how to apply Zero Trust principles using various technologies.
To foster collaboration, the NCCoE runs around 40 projects and actively seeks community feedback. “We announce all projects on our website and hold workshops and webinars for input,” Cherilyn said. This open engagement ensures the guidance produced is usable and valuable for industry.
As cybersecurity continues to evolve, the NCCoE is also focusing on operational resilience and the integration of cybersecurity and privacy. “Cybersecurity is not a silo within an organization; it’s part of a broader enterprise risk management approach,” Cherilyn emphasized.
As Cherilyn reflects on her first year as director, she expresses excitement for the future of the NCCoE. “We are in an interesting pivot from a startup to a more mature organization,” she noted. The center aims to select cybersecurity challenges with the largest community impact while continuing its focus on partnerships.
For organizations looking to enhance their cybersecurity, Cherilyn has two key recommendations:
The NCCoE is a vital resource in the cybersecurity landscape, fostering collaboration between government, industry, and academia. As Cherilyn Pascoe leads the charge, the center continues to innovate and adapt to the ever-changing cybersecurity challenges we face today.
For more information about the NCCOE and its initiatives, visit NCCOE’s website.
For more information about the SafeHouse Initiative and to learn about ways to get involved, visit their website: https://safehouseinitiative.org/.