From Paul's Security Weekly
Jump to: navigation, search

Recorded on October 29, 2019, @G-Unit Studios in Rhode Island!

Episode Audio


  • Jeff Man
    infosec analyst, pioneering ex-NSA pen tester, PCI specialist,
    Tribe of Hackers, & InfoSec Curmudgeon.
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Scott Lyons
    CEO at Red Lion
    MISTI Instructor
    Patent Holder
  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit and click the register button to register with our discount code!
    • Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to and use our code to register!
    • Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting, selecting the webcast drop down from the top menu bar and clicking registration.

    Interview: Ronald S. Ross, NIST 12:00-1:00PM

    Ronald S. Ross
    is the Computer Scientist at NIST.
    Ron Ross is a Fellow at the National Institute of Standards and Technology. His focus areas include cybersecurity, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure.

    • Project Leader, FISMA Implementation Project
    • Project Leader, Joint Task Force Transformation Initiative
    • FISMA Standards and Guidelines
    • Enterprise Risk Management
    • Risk Management Framework
    • Software Assurance
    • Security Architecture and Engineering

    Interview Questions


       Tell us about your background? How did you end up at NIST?
       Where do you stand on the continuum of compliance and security?
       What is the difference between a standard and a framework?
       What does NIST produce?


       What problem(s) do you see? What are you trying to solve?


       Describe what you are doing to tackle the problems?
       What is NIST doing to tackle these problems? 
       Why should anyone outside of government/government contracting pay attention to NIST?


       Where do you see these programs going?
       What are keys to the success of implementing the various NIST standards and frameworks?
       How can we help?
       How can our listeners help or get involved?