A: What led you down the path of becoming a security expert?
ND: It wasn’t a direct path—though I don’t know many people whose career paths are straight and steady. I grew up in Southern California where I enjoyed the sun and surf and eventually went to UCLA to become an actuary. Once I got into my studies I realized that path was not right for me. I was looking for something more adventurous and so I decided to leave college and joined the Army. I signed up to be a Russian linguist working in signals intelligence to intercept communications to develop intelligence against foreign adversaries. Joining the Army set the tone for the rest of my career, and I suppose you could say that from the very beginning understanding and managing data has been a core passion.
A: You held a very key role in advancing the DHS cyber efforts, can you tell us about that?
ND: In 2008, President Bush introduced the Comprehensive National Cybersecurity Initiative. Shortly after that I was recruited from the Defense Information Systems Agency to stand up the cyber organization at DHS. At that time, I was working with a $50-million annual budget and 33 federal employees. Within four years I had grown the budget for my organization to $1 billion a year, and I had more than 350 federal employees and 2,000 contractors. It was a significant step forward in the evolution of the cyber program and DHS and I am extremely proud of this accomplishment.
A: When you look across the cyber landscape, what would you say is the top challenge we face in solving our national cybersecurity crisis?
ND: That’s a tough question. But if I had to identify the top challenge we face today I would say the core issue is the fact that our federal agencies have different priorities. If you look at the Department of Homeland Security, the priority is to stop the threat immediately; prevent further damage. On the other hand, within the intelligence community, the goal is to keep the threat running so our intelligence professionals can gather more information against our nation’s adversaries’ tactics and techniques. And the law enforcement community’s priority is to gather data to prosecute those behind the threat. Balancing these three things is difficult. We don’t yet have an expeditious way of making it all work seamlessly but we will get there. We have to.
A: There have been so many breaches over the last few years. As you look at all that has happened, what is the thing that surprises you the most?
ND: Actually, it’s not the attacks that have surprised me; we can’t stop that from happening anymore. What surprises me is the fact that our defenses haven’t progressed sufficiently to address the attacks we face. Whether it’s the federal government or the private sector, we’ve been unable to successfully keep on top of the basic cyber hygiene we need to engage in to protect our citizens and our businesses. Because we don’t do a good job keeping our systems up to date and patched, we haven’t made it challenging for cyber attackers. It’s like leaving a door unlocked on your house. If somebody wants to break in, they don’t have to be creative—just open the door. We’re still leaving doors open all over the place. That has to stop and with the work we are doing collectively as a nation to address this issue we will solve it.
A: What would you say is one key cyber strategy federal agencies should be looking at now?
ND: The application of artificial intelligence in new and innovative ways is critical. AI gives us the chance to examine the real possibility of self-healing, self-patching networks, which could be game-changing. With the advances we’re seeing in technology, cybersecurity can become a more automated, proactive process. Right now, it is a fairly intense effort for any organization to manage and monitor everything they need to do. Greater automation streamlines the process. Think of AI-driven defense mechanisms the way the immune system works for the body. Something bad finds its way in, and the immune system immediately starts attacking it. New technology will provide a similar, highly efficient means of deterring cyber-attacks.
A: You’ve had a very distinguished career. What would you point to as your most defining moments?
ND: I’m particularly proud of three things in my career. First, serving as a Russian translator for Secretary of Defense William Perry in the first-ever joint Russian and American military exercise, which occurred in Hawaii while I was stationed there. Second, working as the lead IT communications coordinator for more than 50 federal, state and local agencies during the recovery effort in 2003 for Space Shuttle Columbia. And third, overseeing the various cybersecurity programs at DHS. I was able to help grow the organization and accomplish the agency’s mission including the deployment of the EINSTEIN technology, which was used to discover a significant data breach.
A: Has there been one person who has influenced you in your career journey?
ND: When I was at NASA, one of my bosses, now retired, encouraged me to expand my security knowledge. He urged me to look across the board at all areas of security and do everything I could to expand my education and training. I became a Certified Information Systems Security Professional, a certified forensic examiner, got a degree in IT and a Master’s in Cybersecurity. If I hadn’t listened to him, I might not be where I am today.
A: Your job clearly takes a lot of time and energy, but when you are not hands on at work, what do you do to relax?
ND: I love to bake. Name your dessert, and I can do it. Coconut cake and eggnog cheesecake are two of my specialties. I have a pretty busy job so I really get baking in earnest around the holidays. Every Christmas, I have five to seven different desserts. If I could do it year-round, everybody in my household would be thrilled.