This blog is part of a larger NIST series during the month of October for Cybersecurity Awareness Month, called ‘Staff Stories Spotlight.’ Throughout the month of October this year, Q&A style blogs will be published featuring some of our unique staff members who have interesting backgrounds, stories to tell, and projects in the world of cybersecurity.
Credit:
NIST
This year’s Cybersecurity Awareness Month theme is ‘Secure our World.’ How does this theme resonate with you, as someone working in cybersecurity?
The theme ‘Secure our World’ resonates with me because I enjoy researching about cybersecurity related to many different sectors and topics—all of which are important in our modern lives. I spend quite a bit of time working on cybersecurity of IoT devices as well as cybersecurity in healthcare. I also work to improve cybersecurity in the energy sector and enjoy tailoring cybersecurity guidance for small businesses.
Describe your career pathway and how that led you to the cybersecurity field?
Although I’ve been working in the cybersecurity field for nearly 20 years, I initially began working as a public school teacher—teaching English as a Second Language. My break came when a friend—who ran a small consulting company—was looking to bring on junior engineers for contracts he anticipated winning. He trained us in computer networking and submitted us for clearances. Although I was never able to work for his company, with the clearance I was able to get a job as a security trainer in the U.S. Department of Defense.
From that initial job in the industry, I was able to pivot to new positions, study, and learn new skills along the way. My path led me to the U.S. Food and Drug Administration (FDA) where I stayed for nearly 10 years, the last few of which I spent on engineering and integration work. I came to NIST in 2016 and have enjoyed the variety of cybersecurity work topics and experiences.
Describe the role(s) that you play at NIST. What are some interesting projects you’ve worked on recently?
My role at NIST is a cybersecurity researcher. I enjoy branching out, researching and providing guidance related to a variety of cybersecurity projects. Many of my projects involve collaborating with cybersecurity experts from other federal agencies as well as the private sector. Since a primary focus of my work is in the healthcare sector, earlier this year I published updated cybersecurity guidance related to the HIPAA Security Rule. I’m currently assisting in planning for a HIPAA Security Rule conference this October.
Our Cybersecurity for IoT program has been busy developing guidance for recommended cybersecurity requirements for consumer-grade router products as well as a Product Development Cybersecurity Handbook. At NIST’s National Cybersecurity Center of Excellence, we’ve been developing guidance for how to securely provision IoT devices with their network credentials and working to publish cybersecurity guidance for residential and light-commercial smart inverters.
What is your favorite part about working at NIST?
Working at NIST is a great adventure. In addition to working with some of the brightest minds in the industry, the portfolio of cybersecurity projects at NIST is very extensive. No matter what your interest or specialty, there is sure to be a related NIST project. I also enjoy getting to collaborate with experts from other government agencies, academia, and industry to solve cybersecurity problems.