Fraud Management & Cybercrime
Governance & Risk Management
NIST Standards

Ron Ross of NIST Discusses Moving Away From Stovepipe Thinking

Brian Barnier, ValueBridge Advisors (left) and Ron Ross, National Institute of Standards and Technology

In preparation for the relaunch of ISMG’s cybersecurity education platform,, Ron Ross of the National Institute of Standards and Technology and Brian Barnier, who is designing a course on critical thinking and design thinking to be hosted exclusively on, discuss the need for reorienting toward systems thinking in cybersecurity.

See Also: Live Webinar | A Buyers’ Guide: What to Consider When Assessing a CASB

“We live in a stovepipe today, and we have to get out of this stovepipe and get more into the systems development process, the systems engineering process, in order for us to solve these critical and difficult problems,” Ross says.

He also discusses:

  • How he entered the field of cybersecurity 32 years ago;
  • Why people in cybersecurity get stuck in silos and how to get out of them;
  • How to break away from a compliance mindset and use systems thinking to address cybersecurity concerns.

Ross specializes in information security, systems security engineering and risk management. He leads NIST’s Federal Information Security Management Act Implementation Project, which includes the development of key security standards and guidelines for the federal government and critical information infrastructure. Ross also leads the Joint Task Force, an interagency partnership with the Department of Defense, Office of the Director National Intelligence, the U.S. Intelligence Community and the Committee on National Security Systems, with responsibility for developing the Unified Information Security Framework for the federal government and its contractors. In addition to his responsibilities at NIST, Ross supports the U.S. State Department in the international outreach program for information security and critical infrastructure protection.