S4E2: Resilient Cyber w/ Karen Scarfone
Secure Software Development & NIST
In this episode of Resilient Cyber, Chris Hughes and Dr. Nikki Robinson sit down with Karen Scarfone, a cybersecurity expert and writer, to discuss secure software development and NIST's impact on security guidance. Karen has been a key contributor to NIST’s Secure Software Development Framework (SSDF) and shares insights on the importance of secure coding practices, incident response, and emerging trends in cybersecurity frameworks.
🔑 Key Highlights:
NIST SSDF Evolution: How the Secure Software Development Framework (SSDF, NIST SP 800-218) was revised following the Cybersecurity Executive Order (EO 14028), and the challenge of writing a framework that applies to organizations of very different sizes and development practices.
The Importance of Maintenance: Why many organizations overlook software maintenance, leading to vulnerabilities in aging code.
Incident Response & NIST 800-61: Karen's role in developing NIST’s incident response guidance and its continued relevance in today’s federal cybersecurity.
Supply Chain Security: The growing focus on software supply chain security, SBOMs, and the need for more comprehensive guidance on this critical topic.
Writing for Cybersecurity: Karen’s passion for technical writing, her new blog, and tips for anyone interested in starting a cybersecurity writing career.
Tools & Resources Mentioned:
NIST SSDF (SP 800-218): The Secure Software Development Framework.
NIST SP 800-61: Computer Security Incident Handling Guide.
Cybersecurity Executive Order (EO 14028): Its influence on revising the SSDF.