In the spring of 2018, I spoke to Ryan Tappis about the NIST Cybersecurity Framework (CSF) and its adoption in the public and private sectors.
Ryan is a managing director and cybersecurity practice lead for Northramp LLC — a management consulting firm based in Reston, Va. In his 15+ year career, Ryan has provided cybersecurity advisory services to clients across the federal government and commercial sector.
He is widely recognized as a subject matter expert in all things related to (non-military) federal cybersecurity — from Federal Information Security Modernization Act (FISMA) compliance, to the DHS CDM program, to TIC and the OMB cloud first initiative. Like many top cyber pros, his resume reads like “alphabet soup,” with CISSP, CISM, PMP, CRISC, and SCCISP certifications.
Beyond his technical expertise, I often turn to Ryan for answers because he offers plain-spoken, practical advice on matters related to federal government programs and projects.
Following up on that first discussion, I recently reached out to get Ryan’s take on the current public sector cybersecurity landscape in Washington, D.C. Even if you have no public sector experience or interest, I encourage you to continue reading to learn more. What I found interesting was that the public sector challenges, pain points, and lessons learned that Ryan described are truly universal across any industry.
Before we jump in, Ryan asked that I provide these two caveats:
First, his experience is exclusively in the civilian sector of the government. He doesn’t speak on cybersecurity topics within the U.S. Department of Defense (DoD) or Intelligence Communities.
Second, the stories below are true, but the client names have been left out to protect the innocent.
Interview Between Dan Lohrmann and Ryan Tappis
Dan Lohrmann (DL) – For most people, the first challenge that comes to mind (Read more...)
*** This is a Security Bloggers Network syndicated blog from Lohrmann on Cybersecurity authored by Lohrmann on Cybersecurity. Read the original post at: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/lessons-learned-from-federal-agency-cybersecurity-projects.html