Does the Government's Cybersecurity Mouth Have Any Teeth in It? with Mariam Baksh, Staff Correspondent at Nextgov

On this episode of the IoT: The Internet of Threats podcast, Mariam Baksh, Staff Reporter at Nextgov, joins podcast host Eric Greenwald to explore the evolution of cybersecurity regulation, from the Biden Administration's 2021 Executive Order on Improving the Nation's Cybersecurity to September's OMB Memorandum on software supply chain security. Mariam and Eric discuss the cybersecurity goals of the administration, the merits of first-party versus third-party attestation, and the fine line that NIST walks between effecting change in cybersecurity and overwhelming the resources of security practitioners and compliance personnel.

Interview with Mariam Baksh 

Mariam Baksh is a staff reporter for Nextgov, a Washington, DC-based publication that reports on federal IT and tech policy through journalism, podcasts, and more. In her role at Nextgov, Mariam reports on the development of federal cybersecurity policy. Mariam has been covering technology governance since 2014 and earned her master's degree in journalism and public affairs from American University. 

In this episode, Eric and Mariam discuss:

  • Why the Biden administration issued last year's EO

  • NIST's balancing act between improving cybersecurity and avoiding the imposition of costly requirements on companies 

  • The challenges involved in measuring cybersecurity performance

  • The implications of a first-party vs. third-party attestation model

  • The value of an SBOM and its growing role in cybersecurity regulation

  • Whether the EO or the OMB memo will deliver any enforcement on the requirements they impose 

Find Mariam on LinkedIn:

Mariam Baksh: https://www.linkedin.com/in/mariam-baksh-99b1b428/

 

Learn more about Nextgov: https://www.linkedin.com/company/Nextgov/

Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems.

If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.

To learn more about building a robust product security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/.
