Resilient Cyber Podcast - Episode 20 - Dr. Michaela Iorga
NIST / OSCAL
In this episode of the Resilient Cyber Podcast, hosts Chris Hughes and Dr. Nikki Robinson welcome Dr. Michaela Iorga from NIST. Dr. Iorga shares her extensive background in cybersecurity, with a focus on cloud computing, wireless networks, cryptography, and more. She discusses her journey from growing up in a communist country and earning two PhDs, to her current role as a senior security technical lead for cloud computing at NIST.
The conversation delves into Dr. Iorga's work on the Open Security Controls Assessment Language (OSCAL), which aims to automate and standardize security documentation. The discussion covers the importance of cloud security, the challenges of maintaining visibility and trust in cloud systems, and the potential for OSCAL to revolutionize the way security assessments are conducted in the federal government and beyond.
Highlights:
- Dr. Michaela Iorga's Background: Dr. Iorga discusses her unique journey from naval architecture to applied mathematics, leading to her passion for cybersecurity and her role at NIST.
- Introduction to OSCAL: Dr. Iorga introduces OSCAL, explaining its purpose in automating security documentation and its potential impact on federal cybersecurity practices.
- Importance of Security Automation: The discussion emphasizes the need for continuous assessment and monitoring of cloud systems to maintain security and reduce vulnerabilities.
- Collaboration with the Community: Dr. Iorga highlights the importance of public and private sector collaboration in advancing cybersecurity standards and practices, particularly through NIST's working groups.
- Impact of OSCAL: The potential of OSCAL to facilitate continuous ATO (Authorization to Operate) and streamline compliance processes is explored, with a focus on its relevance to DevSecOps and cloud-native architectures.
- Cyber Resilience: Dr. Iorga shares her perspective on cyber resilience, referencing NIST's SP 800-160, Volume 2, which focuses on developing resilient systems.