Guest blog post by Gema Howell, Computer Scientist and IT Security Engineer at the National Institute of Standards and Technology (NIST)
I am a computer scientist and IT security engineer at the National Institute of Standards and Technology. I work within the Applied Cybersecurity Division of NIST’s Information Technology Lab. I spend part of of my time at NIST’s Gaithersburg campus and part of my time at NIST’s National Cybersecurity Center of Excellence, or NCCoE, in nearby Rockville.
I earned a Master’s Degree in Cybersecurity from the University of Maryland, Baltimore County, and a Bachelor’s Degree in Computer Technology from Bowie State University. NIST hired me straight out of undergrad. While still an undergrad at Bowie State, I worked for the school as a software developer. I developed mobile applications as a proof of concept for deploying resources to first responders (fire, EMS, law enforcement).
At NIST’s National Cybersecurity Center of Excellence, I demonstrate how an enterprise can securely deploy mobile devices within its organization. I also help first responders – such as firefighters, EMS crews, and law enforcement officers – figure out their security needs. Then I provide guidance as to how they can best meet those needs and secure their smartphones, mobile devices and wearable devices, such as smartwatches and Bluetooth headsets. And last, I help secure our nation's voting systems by developing the cybersecurity standards and requirements for federally certified voting systems.
It is intense knowing that my work has such a major impact on our nation’s democracy. The various issues that we work through to bring the old/dated voting systems up to speed with today’s technology and security requirements is hard work but is always worth the discussion and the outcome. I never thought I would be working in such a highly visible and political area of importance to our nation.
I like having a clear audience for my work and getting to interact with stakeholders and industry. Also, seeing the impact NIST's work has on the general public means a lot to me. Everyone is looking for guidance and wondering where to get that guidance. Many federal agencies, private sector and other businesses in general look to NIST for guidance. As a representative of NIST, it's important to ensure that you are providing the facts while also accepting that some decisions aren't ours to make. For example, NIST can provide guidance for how businesses can make risk-based decisions when it comes to cybersecurity. They can do that using the Risk Management Framework or the NIST Cybersecurity Framework. However, there is not one solution that can secure every enterprise. Different businesses have different security needs. So, while NIST provides security guidance, it is important that organizations review, analyze and apply the necessary security controls that meet their organization’s needs.
As an undergrad, I was the researcher who was always looking for ways to develop tools that would help people. So coming to work at NIST was a smooth transition from one campus (my college) to another campus (a federal lab). I was a researcher then, and I still consider myself one now. NIST provides many opportunities for me to use what I've learned in cybersecurity to help the world.
Ed. note: This post is part of the Spotlight on Commerce series highlighting the contributions of Department of Commerce women during Women's History Month.