Sign up to save your podcasts
Or
Share S2E17: Ron Ross (NIST) - DevSecOps, Resilience and Compliance Innovation
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
S2E17: Ron Ross (NIST) - DevSecOps, Resilience and Compliance Innovation
Nikki - Can you tell us a little bit about what you're currently working on right now at NIST?
Chris - Software Supply Chain Security has become a hot topic lately. We know NIST published 800-161 covering C-SCRM, C-SCRM is a complex topic. Where do you see the industry going forward in terms of maturing C-SCRM practices?
Nikki - Speaking of maturing C-SCRM practices, do you feel that there is a need to provide more documentation for maturing other aspects of cybersecurity? I do not see a lot of people in the industry discussing vulnerability management programs, but it continues to be a challenging undertaking for organizations.
Chris - NIST 800-160 focuses on developing Cyber Resilient Systems. The DoD's Software Modernization Strategy focuses on Cyber Survivability as well. Do you feel the focus on resilience is critical, knowing that no system is infallible?
Chris - The Government is making a big push for DevSecOps. Many argue that the Governments approach to compliance, with RMF is too cumbersome for DevSecOps. Do you disagree with this? If so, why, and do you think there's any changes we can make to better facilitate DevSecOps adoption?
Nikki - NIST is very well known for their inclusion of public collaboration with practitioners, researchers, and academic institutions - do you feel that there is more that can be done to increase collaboration between public, private, and academic institutions?
Chris - There's tons of buzz about cATO. Despite this recent buzz, Ongoing Authorization has been part of the RMF lexicon for quite some time. Do you feel that modern technologies such as Cloud can better help agencies and systems achieve a cATO?
Nikki - NIST has been on an absolute roll lately with publishing guidance, much of it tied to the Cyber EO. From Zero Trust, SSDF, and more. How does the organization keep such a pace on publishing industry guidance? What can we look for next in terms of big publications from NIST?
Chris - What's next for Ron Ross? You've been involved in countless major publications and methodologies. What do you see the legacy of Ron Ross being when you finally step away from being such a pillar in our community?
Nikki - What does cyber resiliency mean to you?
View all episodes
By Chris Hughes
4.9
1616 ratings
Nikki - Can you tell us a little bit about what you're currently working on right now at NIST?
Chris - Software Supply Chain Security has become a hot topic lately. We know NIST published 800-161 covering C-SCRM, C-SCRM is a complex topic. Where do you see the industry going forward in terms of maturing C-SCRM practices?
Nikki - Speaking of maturing C-SCRM practices, do you feel that there is a need to provide more documentation for maturing other aspects of cybersecurity? I do not see a lot of people in the industry discussing vulnerability management programs, but it continues to be a challenging undertaking for organizations.
Chris - NIST 800-160 focuses on developing Cyber Resilient Systems. The DoD's Software Modernization Strategy focuses on Cyber Survivability as well. Do you feel the focus on resilience is critical, knowing that no system is infallible?
Chris - The Government is making a big push for DevSecOps. Many argue that the Governments approach to compliance, with RMF is too cumbersome for DevSecOps. Do you disagree with this? If so, why, and do you think there's any changes we can make to better facilitate DevSecOps adoption?
Nikki - NIST is very well known for their inclusion of public collaboration with practitioners, researchers, and academic institutions - do you feel that there is more that can be done to increase collaboration between public, private, and academic institutions?
Chris - There's tons of buzz about cATO. Despite this recent buzz, Ongoing Authorization has been part of the RMF lexicon for quite some time. Do you feel that modern technologies such as Cloud can better help agencies and systems achieve a cATO?
Nikki - NIST has been on an absolute roll lately with publishing guidance, much of it tied to the Cyber EO. From Zero Trust, SSDF, and more. How does the organization keep such a pace on publishing industry guidance? What can we look for next in terms of big publications from NIST?
Chris - What's next for Ron Ross? You've been involved in countless major publications and methodologies. What do you see the legacy of Ron Ross being when you finally step away from being such a pillar in our community?
Nikki - What does cyber resiliency mean to you?
More shows like Resilient Cyber
View all
Hacked
184 Listeners
Risky Business
375 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
637 Listeners
CyberWire Daily
1,017 Listeners
The Application Security Podcast
36 Listeners
Darknet Diaries
8,010 Listeners
Cybersecurity Today
175 Listeners
CISO Series Podcast
189 Listeners
Defense in Depth
73 Listeners
Cloud Security Podcast
57 Listeners
All-In with Chamath, Jason, Sacks Friedberg
9,830 Listeners
Cyber Security Headlines
134 Listeners
CISO Tradecraft®
48 Listeners
AI Security Podcast
4 Listeners