20 Years of Supporting NIST
My first major project for NIST was writing SP 800-61, Computer Security Incident Handling Guide at a time when most organizations didn't have any incident response capability. Soon I was co-authoring NIST pubs on log management, Windows XP, IPsec, malware prevention and handling, intrusion detection, and wireless network security. My next area of focus was researching vulnerability metrics, including co-authoring CVSS v2, helping establish SCAP, training and overseeing the original analysts for the National Vulnerability Database (NVD), and helping create new specs for software configuration vulnerability metrics and software feature misuse metrics.
I left the federal government in 2010 so I could work from home full-time and take on additional writing projects. I've continued supporting NIST on projects like the Cybersecurity Framework and the Secure Software Development Framework (SSDF) while also writing for security vendors, media outlets, and Fortune 500 companies. Having such a diverse range of clients has made me a better writer because I can readily think about a topic from several points of view.
At this point my life is a constant blur of publications (and Lego sets), and that's perfect. I wonder what will be in my inbox tomorrow...