The NIST NCCOE: The Hub of Cybersecurity Collaboration

This is a companion blog to the “The SafeHouse” podcast dated October 31, 2024, with host Jeff Edwards, Co-Chair of the SafeHouse Initiative and his guest Cherilyn Pascoe, Director of the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST).  Listen to the podcast here: https://safehouseinitiative.org/the-nist-nccoe-the-hub-of-cybersecurity-collaboration/

Welcome to a deep dive into the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST). Today, we explore the journey of Cherilyn Pascoe, the Director of NCCoE, and her insights on the center’s mission and its impact on the cybersecurity landscape.

Meet Cherilyn Pascoe

Cherilyn Pascoe has had an intriguing journey to her current role. She spent a significant part of her career working for the Senate Commerce Committee, dealing with technology policy, cybersecurity legislation, and overseeing federal agencies. After 12 years in Congress, she joined NIST, where she focused on connecting public policy outcomes with cybersecurity initiatives. In August 2023, she took the helm at NCCOE.

From Legislation to Leadership

“I wrote legislation on cybersecurity and transportation issues, and I oversaw federal agencies that worked on advancing research and development and innovation,” Cherilyn shared. Her unique trajectory illustrates that a technical background isn’t a prerequisite for success in cybersecurity; rather, a commitment to leveraging technology for public good is key.

The Cybersecurity Framework (CSF) 2.0

One of Cherilyn’s notable contributions at NIST was leading the update of the Cybersecurity Framework (CSF) 2.0, released in February. “The process was really special. We engaged thousands of cybersecurity experts worldwide to improve the framework,” she explained. The CSF serves as a comprehensive guide to help organizations identify and reduce cybersecurity risks.

Bridging Gaps in Cybersecurity

The CSF is designed to facilitate communication across various organizational levels, from cybersecurity professionals to senior management and legal departments. It provides a common lexicon for discussing cybersecurity governance and strategy.

The NCCoE: A Collaborative Hub

Established a decade ago, the NCCOE aims to deepen relationships between NIST and industry. “We were really looking for a way to deepen the relationships with industry, especially with technology vendors,” Cherilyn stated. The center operates as a partnership between NIST, the state of Maryland, Montgomery County, and various cybersecurity vendors.

Mission and Vision

The NCCoE’s mission focuses on advancing the deployment of secure technology. By collaborating with industry and government agencies, they identify cybersecurity challenges and demonstrate solutions that integrate commercially available technology with cybersecurity standards. “We work collaboratively to address cybersecurity challenges,” Cherilyn said.

Integration of Technology and Standards

With organizations using 40 to 60 different cybersecurity technologies, the NCCoE aims to streamline the integration process. Cherilyn noted, “We’re focused on how to best integrate that technology so that we can demonstrate valuable solutions.”

Zero Trust Architecture

One of the NCCoE’s current projects focuses on implementing Zero Trust architecture. “We’ve built a consortium with 24 cybersecurity vendors to demonstrate how to do Zero Trust,” Cherilyn explained. This initiative showcases how to apply Zero Trust principles using various technologies.

Engagement with the Community

To foster collaboration, the NCCoE runs around 40 projects and actively seeks community feedback. “We announce all projects on our website and hold workshops and webinars for input,” Cherilyn said. This open engagement ensures the guidance produced is usable and valuable for industry.

Operational Resilience and Privacy

As cybersecurity continues to evolve, the NCCoE is also focusing on operational resilience and the integration of cybersecurity and privacy. “Cybersecurity is not a silo within an organization; it’s part of a broader enterprise risk management approach,” Cherilyn emphasized.

Looking Ahead

As Cherilyn reflects on her first year as director, she expresses excitement for the future of the NCCoE. “We are in an interesting pivot from a startup to a more mature organization,” she noted. The center aims to select cybersecurity challenges with the largest community impact while continuing its focus on partnerships.

Recommendations for Organizations

For organizations looking to enhance their cybersecurity, Cherilyn has two key recommendations:

1. “Print the Cybersecurity Framework 2.0 and have a lunch discussion with your team about it. Talk about what’s interesting and where your organization stands.”
2. “Join us for lunch at the NCCOE. We host ‘Cybersecurity Connections’ events where industry professionals gather to discuss best practices.”

Conclusion

The NCCoE is a vital resource in the cybersecurity landscape, fostering collaboration between government, industry, and academia. As Cherilyn Pascoe leads the charge, the center continues to innovate and adapt to the ever-changing cybersecurity challenges we face today.

For more information about the NCCOE and its initiatives, visit NCCOE’s website.

For more information about the SafeHouse Initiative and to learn about ways to get involved, visit their website: https://safehouseinitiative.org/.