Strengthening NCC Leadership and Strategy to Advance a Cyber-Resilient Society

The speed at which online risks are evolving has left 80% of society in the dust. We’re not just dealing with a technology issue here; we’re up against the limits of what any person can reasonably track and understand.

At the National Cybersecurity Center, we have spent almost a decade building cyber resilience through education, public service, and national partnerships. That work counts.

But the environment has changed. Artificial intelligence is reshaping threats that are reaching individuals more directly, and guidance designed for technical audiences is not meeting the needs of most of society.

This moment requires a shift. That is why the NCC is refocusing its strategy and leadership to help individuals understand online risk and act on it with confidence.

I’ve stepped in as CEO and Chairman as the NCC sharpens its focus on execution. The task is simple: help people understand online risk and take clear and actionable steps to stay safe.

Why Online Safety Has Become Harder for Individuals

Online safety has become more challenging as risks now reach people faster and more directly than ever before. Threats are no longer limited to technical environments, and it’s easy for all of us to be fooled. They appear in email inboxes, text messages, social media platforms, and everyday apps, and worse, they appear realistic in all perspectives.

The challenge is not a lack of concern but a mismatch between how risk is communicated and how people live and work online. Nearly one in three individuals lacks core digital security skills and does not want to become technical just to stay secure.

Several factors are driving this shift:

• Attacks now rely on speed and realism, not just technical exploits; thank you, artificial intelligence.
• Artificial intelligence has made scams harder to recognize.
• Guidance is often written for specialists, not everyday citizens.
• People are expected to act without knowing where to go and who to trust to get the information.

That gap became visible again this past weekend. Following a recent compromise, attackers targeted roughly 17.5 million Instagram users with unauthorized password reset attempts. 

In situations like this, confusion is the real vulnerability. People are forced to decide who and what to trust, where to go, and what action to take, often within minutes. When guidance is unclear or scattered, even careful individuals can make the wrong call.

This is why timely, practical alerts matter. With clear steps available when faced with online risk, to help people move from uncertainty to action.

Entering a New Chapter

I’ve been involved with the NCC for several years, first as a board member and now in an operating role. During that time, the nature of online risk has changed in ways that are hard to ignore. Artificial intelligence has accelerated, scaled, and made more realistic attacks, while guidance for every individual has not kept pace.

The NCC also reached a point where its structure needed to match its ambition. After years of building programs, partnerships, and credibility, it became clear that the next phase would require tighter alignment between strategy, leadership, and execution with the people we serve. Continuing with the same approach would have limited our ability to respond to what is happening now.

This new focus marks a shift in how we approach our mission. Our purpose is still public service, but the emphasis is sharper. We aim to help people understand real-life online risk and provide actionable guidance when it matters to every individual in our society.

The NCC’s Role as a Public Service Organization

The NCC was established as a nonprofit public service organization. Our focus was to reduce online risk by making cybersecurity knowledge usable outside technical and institutional settings. That mission is what drew me to the organization and has guided its work since it was chartered.

Over the years, the NCC has focused on building cyber resilience in practical ways. The organization helped introduce cybersecurity education from kindergarten through college and trained leaders across all 50 state legislatures. The goal was never awareness alone, but long-term capacity and understanding.

The NCC also stepped in where coordination mattered. It developed, operated, and transitioned the Space Information Sharing and Analysis Center (Space ISAC) to an independent member based nonprofit supporting information sharing in a domain that is now central to both national security and commercial activity. That work reinforced the importance of trusted, cross-sector collaboration.

At the community level, the approach stayed grounded. Summer cyber camps, adult education, and local awareness programs were designed to meet people where they are. Those efforts shaped a consistent view of resilience as something built over time through clear guidance and shared responsibility.  That was a good start, but frankly, it is not enough.

Guidance That Changes Outcomes—In Real Time

During an active threat, timing matters as much as accuracy. People are often forced to make decisions within minutes. Clear guidance at that moment can be the difference between a contained issue and widespread harm. Immediate threats do not eliminate longer-term risks, and both must be addressed simultaneously. 

Research from Infosec shows that human error is involved in 74% of data breaches. In most cases, the issue is not carelessness, but people being forced to make decisions quickly without clear guidance.

We saw this play out again over the weekend. When unauthorized password reset attempts began circulating widely, targeting Instagram users, many people were unsure who to trust or how to respond, given that the threat was not to trust emails from Instagram. The National Cybersecurity Center provided timely, plain-language guidance that helped reduce that uncertainty and point people toward safer actions.

Real-time guidance changes outcomes for a few clear reasons:

• Removes guesswork when time is limited.
• Helps people recognize what is legitimate and what is not.
• Focuses attention on the actions that matter most.
• Reduces the chance of reacting to false or misleading signals.

This is why real-time guidance is central to the NCC’s renewed mission. When threats move quickly, people need help that is clear, practical, and available at the moment they need it most.

Leading NCC Into Its Next Chapter

I’ve been involved with the NCC for several years, first as a board member and more recently in an operating role. That experience offered a clear view of both what the organization has built and where it needs to continue evolving. Taking on the CEO role grew from a shared understanding of what society needs today and the unique role the NCC can play.

As the NCC moves into its next phase, leadership must be closely connected to execution. Strategy, governance, and delivery need to work in tight alignment to reduce friction and turn plans into action. This leadership transition reflects a practical commitment to supporting that shift.

This role is not about redefining the NCC’s mission. It’s about ensuring the organization can move forward with focus and consistency as online risk continues to expand..

Strengthening the Board to Support Execution

As we sharpened the NCC’s mission, the board needed to change with it. The organization refreshed its Board of Directors and moved to a smaller, more balanced group designed to support clearer decision-making and stronger follow-through. That shift reflects the realities of the work ahead.

“Since the beginning of the NCC, our mission has remained consistent, even as technology and society have evolved,” said Kyle Hybl, Chairman Emeritus and President and CEO of the El Pomar Foundation. “What’s changed is the need to deliver that mission in new ways. I’m proud of what the NCC has achieved and confident in the leadership team guiding its future.”

We wanted a Board that could help turn public-service intent into practical results. By combining expertise in technology, cybersecurity, artificial intelligence, marketing, and senior leadership across sectors, the new board is working in conjunction with management to create a long-term strategy that addresses today’s online risks and rapidly delivers actionable guidance to stakeholders. This enhances NCC’s effectiveness in achieving its mission.

In addition to my role as Chairman, the board includes Kyle Hybl, Vishal Amin, Nick Copping, Rick Crandall, Dawn Meyerriecks, and Bob Thompson. Their backgrounds span building companies, leading complex institutions, and managing risk at scale.

Moving Forward with Clarity and Purpose

This shift is about meeting people where online risk actually shows up. When threats move quickly, and information is unclear, people need to know where to go for guidance they can trust and act on without hesitation. That expectation now defines the NCC’s work.

The scale of that need is already visible. In 2024, more than 193,000 individuals in the United States reported phishing attacks, with losses totaling millions, according to Statista. For many families, the consequences were immediate and difficult to undo.

For NCC, this means sharper focus and consistent execution. Leadership and governance are aligned around delivering practical support when it matters most. My responsibility is to ensure that work stays grounded in the needs of the public we serve, as online risk continues to evolve.