Nikki - What do you see as emerging trends around cybersecurity guidance and frameworks? With the newer NIST 800-53r5 and the SSDF, there is a TON of literature coming out from NIST. What's next? 

Chris - I wanted to dig into SSDF a bit. Can you tell us a bit about being involved in that? How it came about after the Cyber EO and your experience writing it? 

Chris - We know OMB is now requiring Federal agencies to start to self-attest to secure software development practices, specifically SSDF practices. How does it feel to have your work be cited in something this far reaching?

Chris - What do you think organizations neglect most when it comes to secure software development, do you think the OMB memo will have a rising tide impact on the ecosystem like other frameworks such as CSF outside of Government?

Nikki - What are some of the most fun parts of your job? You've written so much incredible content for not just the cybersecurity industry, but so many SMB's and non-for-profits can use the NIST guidance as a place to build their cybersecurity programs. 

Nikki - What is one of the biggest challenges in writing something like the SSDF or the Cybersecurity Framework? I would imagine there are so many considerations that go into deciding on everything from format to the type of language you use. 

Chris - What are your thoughts around the attention as of late on software supply chain security, SBOM's and topics in that domain? Do you think we need more guidance and publications on this front?

Nikki - Before taking us to our last question, I wanted to ask you about your blog! It's called Scarfone Cybersecurity and I know you're just getting this going. Can you talk a little bit about why you wanted to start this blog? What are you interested in writing about? 

Nikki -  What does Cyber Resiliency mean to you?