PSCR Staff Spotlight: IT Security Manager and Security Portfolio Lead

John Beltz is the IT Security Manager for NIST’s Public Safety Communications Research (PSCR) Division where he serves as the Security Research Portfolio Lead and manages PSCR’s world class telecommunications test network. Prior to joining PSCR six years ago, he worked for NIST in the Office of Information Systems Management (OISM). John is a veteran who proudly served in the U.S. Army for six years where he also earned his Bachelor of Science in Computer Information Systems at Hawaii Pacific University. Later, he achieved his Master of Science in Information and Telecommunication Systems at Johns Hopkins University. 

PSCR’s communication team interviewed Beltz in honor of Cybersecurity Awareness Month and the upcoming Veterans Day to learn more about his role in addressing cybersecurity concerns surrounding public safety.

Can you describe your current role? 

JB: I am the IT Security Manager for PSCR where I manage our Security Research Portfolio and our telecommunications research lab. I was also the technical lead for several prize challenges including the mFIT (Mobile Fingerprinting Innovation Technology) Challenge with the goal to improve the ability to capture law enforcement quality digital fingerprints on smartphones and tablets by using the available sensors on those devices. I also assist with the IT Security Officer services for the Communications Technology Laboratory (CTL). I have worked at NIST PSCR for the last six years and it has been the best job that I have ever had. 

What brought you to NIST? 

JB: Fifteen years ago, I was working for an information technology consulting firm in Washington, D.C. when I was assigned to a security audit for NIST. I really enjoyed my initial interactions with NIST because of the excellent security reputation and the professionalism of the people I met. I have to admit, I also loved the commute to Gaithersburg, which was only 10 minutes from my house. Chris Enloe, the Assessment & Authorization (A&A) Team Lead, had a position open and challenged me to review an A&A package to test my abilities. I guess I did a decent job because I was hired a few weeks later.

What is your background? How did you get into cybersecurity? 

JB: Working in cybersecurity wasn’t my life path or a major life decision that I had been working towards, it just happened. After high school, I joined the Army and served six years as a computer specialist and was able to finish my bachelor’s degree. I also received my Microsoft Certified Systems Engineer (MCSE) certificate just before leaving the Army. 

I was working at Nasdaq when the computer worm, Code Red, hit and infected 70% of all Windows web servers. My Vice President at Nasdaq told me to “make sure this doesn’t happen again.” I wrote some patching scripts and updated it consistently for each newly released patch. A few months later, the virus, the “SQL Slammer,” hit, but this time my department was protected. I expanded my patching services and started writing and enforcing standard security configurations for hundreds of servers. After the Nasdaq success, I continued my path in cybersecurity and soon attained my first security certification, the Certified Computer Information System Professional (CCISP).

What is your favorite thing about working at NIST? 

JB: There’s a lot that I love about working at NIST but specifically, it’s the culture. I’ve had to work hard my entire life and the culture and the people that work at NIST are incredible. This is a world class research organization that attracts the best scientists, so we’re an organization of passionate people. With our scientists so enthusiastic, that culture transitions to our support services as well. I also enjoy the great work-life balance here, especially where I live and work in Boulder, Colorado. I love working at NIST for those reasons, and PSCR excels even further in those same principals and we have the added passion of working to enhance first responder communications, ultimately helping them protect lives and property.

What are the projects you have worked on at NIST that excite you the most? Or that you’re most proud of? 

JB: I have been researching Identity Credential and Access Management (ICAM) for six years educating public safety on identity solutions, and the mFIT prize challenge has had the most immediate impact for public safety, but overall I love the diversity of my work at PSCR. When Dereck Orr (PSCR Division Chief) asked me to come and work here, I was both excited and nervous. My experience was in IP networks and security, and I had little experience with telecom and public safety communications. After six years at PSCR and a lot of hard work, I am still learning everyday, but maybe not nervous anymore! I really love the diversity and constantly taking on new challenges. 

October is Cybersecurity Awareness month, why is this an important month and what should people be aware of when it comes to growing cybersecurity concerns?

JB: Cybersecurity may seem like a complex subject, but ultimately, it’s really all about people. The goal of Cybersecurity Awareness Month is to ensure all individuals and organizations make smart decisions. This is an important event each year to help people that don’t specifically work in cybersecurity to remember the critical role they play. There are some basic security principles everyone can follow like learning to recognize phishing, updating your software, choosing good passwords, and enabling multi-factor authentication. These same simple principles are even more applicable to first responders because of their critical mission.

What are the biggest challenges public safety faces regarding cybersecurity? 

JB: The main challenge is protecting public safety mission critical data. There are over 60,000 public safety agencies that face obstacles with interagency communications. For example, hundreds of jurisdictions came together in response to the attacks on September 11, 2001 and weren't able to communicate effectively. This is still a challenge today and public safety personnel are managing too many accounts to access different services.

What does PSCR’s Security Portfolio research solve/address concerning public safety cybersecurity concerns? 

JB: The major focus area of our security research is ICAM. FirstNet built by AT&T and other IP Network connections present both an opportunity for superior interoperability, and a challenge for secure information exchange. ICAM provides the foundation for secure information exchange by providing the right data to the right people at the right time with the right protections, and only if it’s for the proper reason and in an efficient manner. PSCR is researching and promoting Federated ICAM solutions that enable user accounts from multiple organizations to access services from multiple service providers. Agencies that have joined the federation, and all services that have joined the ecosystem, can securely share data. These solutions help protect public safety mission critical data and provide convenience for first responder users.