Ron Ross: Bringing the NIST Framework Home
Play • 1 hr 1 min

Ron Ross: Bringing the NIST Framework Home



“If you do good software development, most of our security problems will go away because all of the nagging vulnerabilities that we see in software — a lot of those are attributed to people not using secure coding techniques and things we should be doing,”

 -- Ron Ross


Things are changing at such a rapid pace, it’s hard to keep pace with what used to work, what is working and what we can count on working when we log in tomorrow.


It’s almost like we need to count on some kind of established framework to use as a guideline.


While this episode of InSecurity touches on the impact of COVID19 on the global workforce, it’s not yet another blog or podcast about the same thing. We talk with NIST Fellow Ron Ross about the future of work, healthcare and the IT industry writ large.


This week on Insecurity, Matt Stephenson welcomes Cybersecurity legend Dr Ron Ross about… well… lots of things. We talk about the quick transition of the world’s workforce from on prem to telework as well as his recent move from leading FISMA at NIST to their newly created DevSecOps and why that matters now more than ever


About Ron Ross



Ron Ross (@ronrossecure) is a Fellow at NIST. His focus areas include cybersecurity, systems security engineering, cyber resiliency, security architecture, privacy, and risk management. Dr. Ross leads the FISMA Implementation Project and the Systems Security Engineering Initiative, which includes the development of cybersecurity and privacy standards and guidelines for the federal government, contractors, and the U.S. critical infrastructure. Dr. Ross also leads the Joint Task Force, a partnership with the Department of Defense, Office of the Director National Intelligence, U.S. Intelligence Community, and the Committee on National Security Systems, with responsibility for the development of the Unified Information Security Framework for the federal government and its contractors. Dr. Ross previously served as the Director of the National Information Assurance Partnership, a joint activity of NIST and the National Security Agency. Dr. Ross also supports the U.S. State Department in the international outreach program for cybersecurity and critical infrastructure protection.

A graduate of the United States Military Academy at West Point, Dr. Ross served in many leadership and technical positions during his twenty-year career in the United States Army. He is a five-time recipient of the Federal 100 award for his leadership and technical contributions to critical cybersecurity projects affecting the federal government and is a recipient of the Presidential Rank Award. Dr. Ross has also received the Department of Commerce Gold and Silver Medal Awards and has been inducted into the National Cyber Security Hall of Fame. In addition, Dr. Ross has been inducted into the Information Systems Security Association Hall of Fame and given its highest honor of Distinguished Fellow. During his military career, Dr. Ross served as a White House aide and a senior technical advisor to the Department of the Army. He holds a Bachelors degree in Engineering from the U.S. Military Academy and Masters and Ph.D. degrees in Computer Science from the Naval Postgraduate School specializing in artificial intelligence and robotics. 


About Matt Stephenson




Insecurity Podcast host Matt Stephenson (@packmatt73) leads the broadcast media team at Cylance, which puts him in front of crowds, cameras, and microphones all over the world. He is the regular host of the InSecurity podcast and video series at events around the globe.


Twenty years of work with the world’s largest security, storage, and recovery companies has introduced Stephenson to some of the most fascinating people in the industry. He wants to get those stories told so that others can learn from what has come


Every week on the InSecurity Podcast, Matt interviews leading authorities in the security industry to gain an expert perspective on topics including risk management, security control friction, compliance issues, and building a culture of security. Each episode provides relevant insights for security practitioners and business leaders working to improve their organization’s security posture and bottom line.


Can’t get enough of Insecurity? You can find us at ThreatVector InSecurity Podcasts, Apple Podcasts and GooglePlay as well as Spotify, Stitcher, SoundCloud, I Heart Radio and wherever you get your podcasts!


Make sure you Subscribe, Rate and Review!

More episodes
Clear search
Close search
Google apps
Main menu