Welcome back to the Director’s Corner! This blog series was created to provide readers with special insight into the cybersecurity work we are very proud to have completed and plan to accomplish in the near future. The first blog of this series was published by Matt Scholl, chief of the Computer Security Division at NIST, and Matt shared best practices to ensure everyone is ready to transition to new quantum-resistant cryptography.
As promised, we are continuing this blog series in 2020, with the first Director’s Corner blog for the year and second of the series. Our second blog is from Jeff Greene, director of NIST’s National Cybersecurity Center of Excellence (NCCoE). Formerly, Jeff was the vice president of global government affairs and policy at Symantec. He also served as an appointed member of NIST’s Information Security and Privacy Advisory Board and as a special government employee at NIST to support the President’s Commission on Enhancing National Cybersecurity.
What made you interested in working for the NCCoE at NIST?
The mission. I’ve spent a lot of time working on this issue from the policy and partnership side — and that’s important — but it was always at least one layer removed from fixing a real, tangible problem in the field. The NCCoE’s mission is to fix problems, to bring the public and private sectors together to develop practical, implementable solutions to problems organizations are facing today. I couldn’t pass up the chance to be part of a team that is focused on doing, not just talking. Equally important was the chance to be a part of NIST; there’s no government agency like it, none that has the level of respect both inside and outside the government.
How did you get your start in the cybersecurity field?
It was almost accidental. I was a staff member on the Senate Homeland Security Committee and was working on various issues, including homeland defense and disaster response as well as some investigative matters. In the fall of 2009, a colleague asked if I could help on “one small piece” of the Committee’s cybersecurity legislation. Within a few months, I handed off the other issues to colleagues and was working on cybersecurity full time. A year later Stuxnet hit, and I was pretty well hooked.
Which skill(s) are you most excited to be bringing to your new role as Director of the NCCoE?
I spent the past eight years working on cyber policy in the private sector, including working closely with NIST and the NCCoE. I think that gives me some insight into how our private sector partners view the center, how we can maximize our value to them, and how best to work with them in the short and long term.
What are a few of your goals for the center?
My starting point is from the Hippocratic Oath — do no harm. The center is doing great things and I want to make sure anything I do enhances and enables that work. That doesn’t mean we can’t improve, of course. I met with a variety of our partners at RSA, and the most consistent feedback I got was that they want us to move more quickly. So, I’d like to explore whether we can do that while still maintaining the quality of the work. I’m interested in seeing if we can supplement our practice guides with other types of products that we could develop and release more quickly.
What cybersecurity focus areas do you see being at the forefront in 2020?
Three things come to mind: artificial intelligence, quantum, and zero trust. Actually, four — I’d add 5G to that. We are at varying stages of projects looking at all these areas, and we welcome input on any of them.
Remember to follow us on Twitter: @NISTcyber!