S2E17: Ron Ross (NIST)

In this episode of Resilient Cyber, Chris Hughes and Dr. Nikki Robinson speak with Dr. Ron Ross from NIST (National Institute of Standards and Technology) about the latest innovations in DevSecOps, building cyber resilience, and transforming compliance frameworks. Dr. Ross shares insights from his decades of experience in cybersecurity policy, standards development, and risk management. 📚

🔑 Key Highlights:

• Dr. Ross’s career journey from the military to NIST and his contributions to cybersecurity standards like FISMA, RMF, and FIPS

• The importance of embedding security by design into systems through DevSecOps

• How NIST is addressing the growing challenge of software supply chain security

• Insights into NIST's 800-160 series, focusing on cyber resilience and secure system design

• The role of continuous monitoring and the future of ongoing authorization in cybersecurity

• Why vulnerability management must evolve to account for real-time threats and dynamic environments

• How collaboration between industry, academia, and government drives innovation in cybersecurity policy and standards

Dr. Ross also discusses how the shift towards cyber resilience and secure by design approaches is critical to protecting systems in today’s rapidly changing threat landscape.