Ellie Mae CISO Selim Aissi Discusses How the NTSC Allows the Nation’s Top CISOs to Shape Cybersecurity Policy

As Ellie Mae’s SVP and Chief Security Officer, Dr. Selim Aissi is responsible for the company’s security engineering, operations, strategy, cyber risk, cyber resiliency, and third-party risk management. He has over 25 years of experience in the security industry, earned his B.S., M.S., and Ph.D. in engineering from the University of Michigan, Ann Arbor, and has filed over 100 patents in various areas of computer and information security, many of which are deployed in current computing systems, data centers, and consumer products (such as Visa Checkout and Apple Pay). Dr. Aissi also serves as a board member of various startups, leading venture capital firms, and security organizations.

Among his credentials, Aissi is also a founding board member of the National Technology Security Coalition (NTSC). Since the NTSC’s beginnings in 2016, he has seen the organization grow and become more influential in Washington, D.C. Previously lacking a collaborative national voice related to cybersecurity policy, CSOs and CISOs now have access to an organization that Aissi says is unique and critically important for them to join. In this short Q&A, Aissi discusses why he helped found the NTSC, why its mission is important, and why other CISOs need to get involved.

Why did you help found the NTSC?

During my more than 25 years in security, I noticed that CISOs and other top security executives did not have an easy way to voice concerns and collaborate about national cybersecurity policy in a non-commercial, non-vendor, non-political environment. Much of the collaboration among CISOs at the national level is generally either vendor-driven or involves profit through an organization not really focused on driving the voice of CISOs. That’s why a few of my peers and I participated in some phone calls a few years ago and decided to build the NTSC—a national nonpartisan, nonprofit organization with the goal of benefiting and advancing the agenda of CISOs. A huge thank you to my colleague Tim Callahan, SVP and CISO of Aflac, for being such a great partner through the NTSC journey!

After the NTSC’s inception, we started creating pillars and attributes, decided upon our focus, and outlined a roadmap for the next few years. One of our pillars is education. We wanted to spread the agenda of CISOs and articulate their needs to lawmakers, policymakers, and other critical stakeholders at the national level. Another pillar is advancing dialogue between CISOs. A lot of CISO dialogue exists at the local, state, and regional levels, but we didn’t see any significant dialogue and information sharing at the national level. The third pillar is interaction with regulations, both current and emerging, through government relations with the goal of impacting current and upcoming policies. The NTSC has done a great job influencing upcoming policies and reviewing drafts as they come up.

At the end of the day, the goal of the NTSC is to truly advance cybersecurity at the national level. That’s really the bottom line, and why we wanted to start this organization.

Why is the NTSC's mission so important?

Cybersecurity is top of mind for regulators, government agencies, and the public and private sectors. Today, there is an unprecedented amount of concern and investment toward cybersecurity. The ability to impact and shape the national cybersecurity agenda through creating policy definitions, discussing issues with policymakers during roundtables and meetings, working to impact new policies, and creating some harmony between CISOs and senior executives at hundreds of companies throughout the United States is very critical at this point—in fact, more critical than ever.

At a high level, CISOs are concerned about our national infrastructure, government agencies, and ever-evolving advanced threats such as ransomware that are becoming a national crisis. Nearly every day, a new public or private entity is impacted by a ransomware attack. This is really a time during which the NTSC can play a huge role in driving national cybersecurity policy in a way that not only helps CISOs protect their businesses but also addresses our nation’s most critical cyber threats.

What are a few examples of ways that you've personally benefited from participating in the NTSC?

First, gaining visibility into early drafts of national cybersecurity policies, and both impacting and shaping those policies, is important to me and my company. Second, I personally hosted one of the NTSC’s roundtable sessions last year in the San Francisco Bay Area. The dialogue among the CISOs, speakers, and other attendees was amazing. I’m still getting feedback from some of the participants, and this experience has been extremely beneficial to me. Because I’m in the fintech industry, regulations are continuously evolving. Several regulatory agencies are involved in the fintech and financial industries such as the Federal Reserve Board of Governors (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB). I pick up a lot of information about emerging regulations from NTSC events, which provides me a lot of value. I also get useful information about emerging threats and we talk a lot about digital resiliency. Overall, NTSC conferences and roundtables keep me abreast of many national cybersecurity trends and patterns where we discuss national cyber policy with heavy conversations about the role that CISOs can play. The NTSC is one of my top sources for this information. Third, building several new advisory councils for the NTSC has offered tremendous value to our Board of Directors—and for me personally, I take a lot of pride in helping build these advisory councils.

For CISOs currently not participating in the NTSC, why do they need to get involved? What are they missing?

Look at who is on the NTSC Board of Directors. It’s basically the crème de la crème of CSOs and CISOs, the top CSOs and CISOs in the nation, engaging in dialogue and shaping the future of national cybersecurity policy. There aren’t too many unique opportunities in our industry where the top CSOs and CISOs work together in one nonpartisan, nonprofit body that’s independent of any vendor and shapes the future of cyber policy. I can’t think of another opportunity where CSOs and CISOs are able to wield this kind of impact.