Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Cybersecurity Insights
a NIST blog
This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month, called 'Staff Stories Spotlight.' Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity.
This year’s Cybersecurity Awareness Month theme is ‘Secure our World.’ How does this theme resonate with you, as someone working in cybersecurity?
For me, this year’s theme is a reminder of the global nature of NIST’s cybersecurity and privacy work-- that it doesn’t and shouldn’t happen in a vacuum. NIST has so much work happening in the cybersecurity and privacy space that can help our stakeholders-- both here in the States and internationally-- manage their cybersecurity and privacy risks in really impactful ways. I’m thrilled that my office gets to support that important work by helping our laboratory propose our guidance and voluntary frameworks to international standards bodies for greater international adoption and alignment.
Describe your career pathway and how that led you to the cybersecurity field?
I started my post-graduate career at the State Department where I had the privilege of serving overseas American citizens in crisis. I wore a number of hats during my time there, though my proudest diplomatic accomplishment remains helping two other countries accede to or ratify an international treaty under The Hague Convention. Beyond the diplomacy component of the job, my direct work helping US citizens navigate very challenging situations abroad is actually what sparked my initial interest in cybersecurity and privacy work. I saw each day the ways in which our organizational processes and IT systems affected our support for our citizens, including how we were securing their data and preserving their privacy. I took on a number of projects that allowed me to build my cybersecurity and privacy experience.
Eventually, I began working as a consultant to the federal government under various cybersecurity and privacy contracts. I found myself focusing more and more on assessing IT systems for privacy risk and helping organizations put plans in place to manage that risk. I absolutely loved the system-level work. Perhaps a sign of fate, I was on a government contract actively using the NIST cybersecurity and privacy frameworks and related risk management guidance for a client when the opportunity to go work for NIST arose. It felt like the right next step for me, and I’m glad I went for it. My career at NIST has evolved in ways I couldn’t have imagined, and although my work is no longer focused exclusively on cybersecurity and privacy, my current role still has me connected to my privacy roots.
Describe the role(s) that you play at NIST. What are some interesting projects you’ve worked on recently?
When I first joined ITL, I worked primarily on integrating privacy risk management guidance into NIST special publications (e.g., NIST SP 800-53, Revision 5) and international standards on behalf of NIST’s privacy engineering program. I decided to focus my portfolio on international standards, and I became an IT Standards Advisor in ITL’s Office of IT Standardization. We’re the first lab-level office at NIST dedicated to supporting our staff members’ international standardization efforts. This role has allowed me to combine the diplomacy skills I gained at the State Department with the technical knowledge I built in the private sector. I lead our multilateral engagements that are focused on IT standardization for NIST. I also serve on the InterNational Committee for Information Technology (INCITS) Standards Executive Board, which helps to shape US positions (through ANSI) in ISO/IEC Joint Technical Committee 1 and its standardization work in the field of information and communications technologies, including cybersecurity and privacy standardization.
Our lab and office work hard every day to demonstrate our commitment to standards development and our support for the private sector-led standards system in the United States through our extensive efforts across many different Standards Development Organizations (SDOs). Our office has lots of exciting plans for the year ahead, and I look forward to putting them into action with our team. Outside of my usual portfolio of work, I’m proud to serve on the NIST Lactation Support Group Board. This group has done a lot of work to advance equity and inclusion in our workplace.
What is your favorite part about working at NIST?
Something that stands out about my experience at NIST is the generous mentorship I’ve received. Most NISTers share their knowledge and expertise without hesitation. I feel lucky to have had incredible mentorship – both formal and informal – throughout my time at NIST so far. Another favorite of mine is how much I am constantly learning. I suppose that’s the beauty of working in the technology space. The learning curve is constant, and I truly enjoy soaking up all the fascinating work that our researchers are doing – not just on cybersecurity and privacy but across all of our programs.