Ten years after the launch of the seminal Cybersecurity Framework (CSF), the National Institute of Standards and Technology (NIST) released the long-awaited Version 2.0 the morning of February 26.
Hours later, NIST leaders joined us to discuss the new CSF, as well as a suite of new supplementary resources accompanying it: online tools, implementation examples, and quick start guides to help organizations reduce their cybersecurity risks. We were honored to hear from Under Secretary of Commerce for Standards and Technology and NIST Director Laurie E. Locascio as well as Cherilyn Pascoe and Adam Sedgewick, the CSF Program Leads on versions 1 and 2. They shared why organizations need to supercharge their cybersecurity efforts and how CSF 2.0 can take cybersecurity risk management to the next level within the larger context of enterprise risk management.
Finally, we hosted a panel of industry experts on how the CSF has changed the way we assess, implement, and even talk about cybersecurity — and get their take on this new version.
Dr. Laurie Locascio
Under Secretary of Commerce for Standards and Technology and Director, NIST
Read about Dr. Laurie Locascio
Dr. Laurie Locascio is currently the Under Secretary of Commerce for Standards & Technology & the director of the National Institute of Standards and Technology (NIST). Locascio most recently served as vice president for research at the University of Maryland College Park and University of Maryland Baltimore. Before joining the University of Maryland, Locascio worked at NIST for 31 years, rising from a research biomedical engineer to eventually leading the agency’s Material Measurement Laboratory. She also served as the acting associate director for laboratory programs, providing direction and operational guidance for NIST’s lab research programs. As a researcher, she has published 115 scientific papers and has received 12 patents in the fields of bioengineering and analytical chemistry. She is a fellow of the National Academy of Inventors, the American Association for the Advancement of Science, the American Chemical Society, and the American Institute for Medical and Biological Engineering. Dr. Locascio was recently elected to the National Academy of Engineering.
Director, National Cybersecurity Center of Excellence, NIST
Read about Cherilyn Pascoe
Cherilyn Pascoe is the Director of the NIST National Cybersecurity Center of Excellence (NCCoE). She provides strategic direction and technical leadership for the NCCoE, aligns the NCCoE’s work with the industry, government, and NIST priorities, and builds relationships with key stakeholders. Prior to her role as Director of the NCCoE she served as the Senior Technology Policy Advisor, advising NIST leadership on technology policy and strategy, including cybersecurity, privacy, and artificial intelligence. She also led the NIST Cybersecurity Framework program and was a team member of the NIST AI Risk Management Framework. Prior to joining NIST in 2021, she served more than a decade in staff leadership roles on the US Senate Committee on Commerce, Science, and Transportation. Most recently, she served as Deputy Policy Director managing the Committee’s Space and Science Subcommittee, which has jurisdiction over science, technology, standards, and civil space policy.
Acting Associate Director for IT Standardization, NIST
Read about Adam Sedgewick
Adam Sedgewick serves as Acting Associate Director for IT Standardization at the National Institute of Standards and Technology, where he has worked since 2012. In this role, Adam advises NIST leadership on standardization activities, cybersecurity, privacy, and related issues.
In 2017, Adam served as Technology Policy Advisor in the Department of Commerce’s Office of Policy in Strategic Planning. Prior to NIST, Adam was Senior Advisor to the Federal Chief Information Officer Council, developing and assisting in the implementation of governmentwide policy related to technology issues. Adam was a Professional Staff Member for the Senate Committee on Homeland Security and Governmental Affairs for nine years, handling cybersecurity and federal information technology policy.
Senior Vice President, Technology Risk Management, Mastercard
Read about Jen Buckner
Jennifer “Jen” Buckner leads Mastercard’s Second Line of Defense Technology Risk team, ensuring effective governance and oversight of security and technology risk management practices , including risk frameworks, policies, and procedures aligned with industry best practices and regulatory expectations, objective risk assessment, challenge, monitoring, and reporting, and collaborative internal and industry partnerships.
Jen is a former U.S. Army Brigadier General who held numerous intelligence and leadership positions throughout her 30-year military career. In her last government role, Jen served as the U.S. Army’s Director of Cyber, where she led governance and oversight of cyber capabilities and championed emerging technologies to detect and disrupt significant cyber threats.
In operational roles, Jen shaped U.S. Cyber Command’s response to major cyber events attributed to nationstate adversaries, led a U.S. government interagency task force to counter ISIS in cyberspace, and established relationships with U.S and foreign partners focused on mitigating the threat of cyber-attacks. As the first Chief of the Army’s cyber branch and training center, she developed and implemented strategies for cyber talent recruitment, retention, and leader development.
Jen currently serves on Everfox Executive Advisory Board and Cyber Risk Institute Board; as a Leadership Fellow with the Association of the U.S. Army, she engages with academic institutions, national organizations and community partners on national security, cyber operations, and leader development.
An Army Sports Hall of Fame athlete, master parachutist and former All-American collegiate swimmer, Jen holds a BS in Mechanical Engineering Management from West Point and an MBA from Central Michigan University. She was the first U.S. Army Cyber Fellow at the National Security Agency, completed Harvard’s Executive Education Program in Cybersecurity, National Association of Corporate Directors Battlefield to Boardroom program, and Carnegie Mellon’s Chief Risk Officer Certificate program.
Senior Director & Head of Global Cybersecurity Policy, SAP
Read about Anjelica Dortch
Anjelica Dortch is Senior Director and Head of Global Cybersecurity Policy at SAP where she manages the company’s cybersecurity, artificial intelligence, and workforce policy portfolio. Prior to joining SAP, Ms. Dortch led scale up of tech policy positions at IBM within the Government and Regulatory Affairs team with a focus on artificial intelligence, hybrid cloud, and intellectual property. Ms. Dortch spent 10 years working for a variety of U.S. federal agencies including the Executive Office of the President as a Senior Technology Advisor where she led coordination of several tech policy initiatives within the U.S. government. She has co-authored U.S. policies and strategies including the 2018 National Cyber Strategy, the Presidential Executive Order on America’s Cybersecurity Workforce (EO 13870), the U.S. Federal Cloud Computing Strategy (or Cloud Smart), and the Administration’s Report on Artificial Intelligence. Ms. Dortch is the recipient of the Office of Management and Budget Special Achievement award, Women Leading for Impact award, the University of Maryland Outstanding Alumnus award, and Federal Computer Week’s Rising Star award. Ms. Dortch holds a Bachelor of Arts degree in Philosophy and a Master of Science in Financial Management and Information Systems from the University of Maryland.
Director, Global Public Policy, Salesforce
Read about Danielle Gilliam-Moore
Danielle Gilliam-Moore first started her 5-year career on Capitol Hill as an intern for Senator Casey (D-PA) in 2010. Along the way, she worked for the Senate Committee on Homeland Security and Governmental Affairs, working on Cybersecurity and Counterterrorism. She then moved to work for Senator Tammy Baldwin (D-WI) where she was responsible for a portfolio that included defense, foreign relations, homeland security, and veterans’ issues. Danielle first worked off the Hill as the Manager for the Legislative Strategy team at BSA | The Software Alliance. In 2017 Danielle first joined Salesforce as Manager for Federal Government Affairs. Now as the Director for Global Public Policy, she works on software related policy issues such as trade, artificial intelligence, privacy, and cybersecurity.
Danielle is a graduate of Smith College where she earned a B.A. in political science and religious studies.
Cybersecurity Strategic Risk Manager, General Motors Company
Read about Christine Pelione
Christine Pelione, GM’s Cybersecurity Strategic Risk Manager, is responsible for the management of enterprise, product, and manufacturing cybersecurity risk in securing innovative technologies throughout GM’s ecosystem and to engage cross-functionally to promote awareness and increase cyber resiliency across industries.
She is responsible for leading cybersecurity and corporate functions in elevating a holistic, enterprise-wide view of cyber risk and maturation; to integrate corporate cybersecurity strategies and processes; to identify and nurture collaborative engagements strengthening cybersecurity capabilities; to drive individual, corporate and industry cybersecurity culture; and to govern corporate business response and recovery efforts. Christine also serves as the Vice Chair of the Auto-ISAC’s Education and Training Standing Committee and as co-chair of the Small Business Advisory Council for the Cyber Readiness Institute.
Christine is currently pursuing a Master of Science in Information Technology Security and Assurance from Carnegie Mellon University, holds an Advanced Computer Science Certificate from Stanford University and a Bachelor of Arts in Business Administration from Baker College.
Senior Director, Cybersecurity Programs, Aspen Digital, The Aspen Institute
Read about Jeff Greene
Jeff Greene is the Senior Director for Cybersecurity Programs at the Aspen Institute. Jeff joined Aspen in July of 2022 from the White House, where he served as the Chief for Cyber Response & Policy in the National Security Council’s Cyber Directorate. Jeff led the NSC’s defensive cyber and incident response efforts, and his team developed and drafted Executive Order 14028 (Improving the Nation’s Cybersecurity). Jeff also ran the White House counter-ransomware effort and oversaw the whole-of-government effort to harden the cybersecurity of U.S. critical infrastructure in advance of Russia’s further invasion of Ukraine.
Jeff previously served as Director of the National Cybersecurity Center of Excellence at the National Institute of Standards and Technology (NIST). Prior to joining NIST he was the Vice President of Global Government Affairs and Policy at Symantec, where he led a global team of policy experts. While at Symantec Jeff also served as an appointed member of NIST’s Information Security and Privacy Advisory Board and was a special government employee working on President Obama’s 2016 Commission on Enhancing National Cybersecurity. Before Symantec Jeff worked on both the House and Senate Homeland Security Committees, was Counsel to the Senate’s Special Investigation into Hurricane Katrina, and practiced law at a large Washington, D.C. firm.
Managing Director of Cybersecurity Services and Policy, Venable LLP
Read about Ari Schwartz
A leading voice in national cybersecurity policy, Ari guides the establishment of cybersecurity consulting services for Venable and directs Venable’s Cybersecurity Risk Management Group. Ari assists organizations with understanding and developing risk management strategies, including implementation of the Cybersecurity Framework and other planning tools to help minimize risk. Ari also coordinates the Cybersecurity Coalition and the Center for Cybersecurity Policy and Law, a group of leading cybersecurity companies dedicated to educating policymakers on cybersecurity issues and promoting a vibrant marketplace for cybersecurity technology solutions and is the current Chair of the IT Sector Coordinating Council. Prior to joining Venable, Ari was a member of the White House National Security Council, where he served as special assistant to the president and senior director for cybersecurity. Ari also served in the Department of Commerce, where he advised the secretary on technology policy matters related to the National Institute of Standards and Technology (NIST), the National Telecommunications and Information Administration (NTIA), and the U.S. Patent and Trademark Office (USPTO).
President, Paladin Global Institute
Read about Kemba Walden
Kemba Walden is an American lawyer who serves as the President of the Paladin Global Institute. Walden comes to Paladin after serving as the acting United States National Cyber Director in 2023. She joined the Office of the National Cyber Director as its inaugural principal deputy in June 2022. While at the White House, she substantially contributed to the development of and launched the National Cybersecurity Strategy (March 2023) and the corresponding Implementation Plan (June 2023). Walden also executed the joint OMB/ONCD Spring Guidance to Federal Departments and Agencies on cyber priorities as they develop their fiscal year 2025 budgets (June 2023). She had a substantial role in developing the National Cybersecurity Workforce and Education Strategy, ultimately executing it in July 2023. In addition, Walden lead the U.S. Government in U.S.-Cyber Dialogues with Singapore and Ukraine and was the head of the U.S. Delegation in several international cyber fora, including Cyber UK, Israel Cyber Week, and the OAS Cybersecurity Summit. In 2023, she brought cybersecurity into the global national security conversation at the Munich Security Conference.
Walden was previously an Assistant General Counsel in the digital crimes unit at Microsoft where she launched and lead Microsoft’s counter ransomware program. Prior to Microsoft, Walden spent a decade in government service at the United States Department of Homeland Security, most recently at the Cybersecurity and Infrastructure Security Agency where she focused on election security, the financial services sector, and the energy sector. Walden was also an inaugural member of the Cyber Safety Review Board responsible for reviewing the Log4Shell vulnerability as well as the Lapsus$ Ransomware gang and producing recommendations for improving the cybersecurity of the Nation.
Walden continues to serve as a co-chair of the Ransomware Task Force and serves as an adjunct professor at Georgetown’s School of Continuing Studies teaching a graduate level course entitled “Information Security Laws and Regulatory Compliance.”
She earned a B.A. from Hampton University, a Master’s in Public Affairs from Princeton University, and a J.D. from the Georgetown University Law Center.