From Security Weekly Wiki
Jump to navigationJump to search

Recorded on October 29, 2019, @G-Unit Studios in Rhode Island!

Episode Audio


  • Jeff Man
    Infosec analyst
    Pioneering ex-NSA pen tester
    PCI specialist
    Tribe of Hackers
    InfoSec Curmudgeon
    Currently a Sr. InfoSec Consultant for Online Business Systems.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Scott Lyons
    CEO at Red Lion
    MISTI Instructor
    Patent Holder
  • Josh Marpet
    COO at Red Lion
    IANS Faculty
    Blockchain Patent Holder
    MISTI Instructor
    Entrepreneurship Curmudgeon
    Board Member BSidesDE
    Board Member BSidesDC
    Ex-cop and Fireman
  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting and clicking the button to join the list! You can also submit your suggestions for guests by going to and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting, selecting the webcast/training drop down from the top menu bar and clicking registration.

    Interview: Ronald S. Ross, NIST 12:00-1:00PM

    Ronald S. Ross
    is the Computer Scientist at NIST.

    Ron Ross is a Fellow at the National Institute of Standards and Technology. His focus areas include cybersecurity, systems security engineering, and risk management. Dr. Ross leads the Federal Information Security Modernization Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical infrastructure.


    • Project Leader, FISMA Implementation Project
    • Project Leader, Joint Task Force Transformation Initiative
    • FISMA Standards and Guidelines
    • Enterprise Risk Management
    • Risk Management Framework
    • Software Assurance
    • Security Architecture and Engineering

    Interview Questions


       Tell us about your background? How did you end up at NIST?
       Where do you stand on the continuum of compliance and security?
       What is the difference between a standard and a framework?
       What does NIST produce?


       What problem(s) do you see? What are you trying to solve?


       Describe what you are doing to tackle the problems?
       What is NIST doing to tackle these problems? 
       Why should anyone outside of government/government contracting pay attention to NIST?


       Where do you see these programs going?
       What are keys to the success of implementing the various NIST standards and frameworks?
       How can we help?
       How can our listeners help or get involved?