Commonwealth Strategic Partners Case Study:

Giving a Voice to the Chief Information Security Officer

The National Technology Security Coalition (NTSC) is the only association that represents the Chief Information Security Officer (CISO) for major corporations, universities, and other entities. However, until the NTSC began working with Commonwealth Strategic Partners (CSP), CISOs on the NTSC’s Board of Directors lacked the coordination to take their compelling, important, and relevant policy priorities to Washington, D.C.

Now, with the help of CSP, members of the NTSC are at the table for discussions with federal legislators and agencies on how to best protect America’s technology and critical infrastructure.

“With the NTSC, we have the opportunity to build a partnership between some of the smartest people in the field of cybersecurity and the federal government, where knowledge and action on this front is still in great need,” says George McElwee, managing partner of CSP.

One of the first things that CSP did for the NTSC, still a relatively new association, was to get them in the door and introduce them as the foremost subject matter experts to people in Washington, D.C. who have a stake in cybersecurity. From these targeted introductions came more opportunities for advisory roles, and the association’s reputation grew from there.

NTSC Executive Director Patrick Gaul was impressed. “CSP’s team has expertise in Congress that blew me away,” he says. “They seem to know everyone on both sides of the aisle in Congress, as well as having extensive contacts across federal departments and agencies. Training someone in what they know would require a steep learning curve, but we were able to hit the ground running because their knowledge encompasses all the little important strategic and logistical details that help the NTSC understand how to navigate Washington, D.C.”

With a foot in the door and a respected voice established, the NTSC and CSP are working with legislators on creating national data breach standards and federal privacy standards. In 2019, CSP worked to introduce the Cybersecurity Advisory Committee Authorization Act (H. R. 1975 & S. 4024). That legislation established a new committee of industry experts to advise the U.S. Department of Homeland Security and Director of the Cybersecurity and Infrastructure Security Agency (CISA). CSP was able to secure language to establish the Cybersecurity Advisory Committee in the FY21 National Defense Authorization Act, which was enacted in January 2021.

“This is a brand-new advisory committee that we and the NTSC advocated for,” says McElwee. “The breadth and scope of securing the nation’s critical infrastructure is so great and so important that we went from our usual surgically targeted approach to conducting almost 200 meetings on Capitol Hill on behalf of the NTSC.”

The new committee, called the CISA Cybersecurity Advisory Committee (CSAC), held its first public meeting in December 2021. CSAC members include Marene Allison of Johnson & Johnson and Ron Green of Mastercard, both board members of the NTSC.