How can small organizations or individuals effectively advocate for cybersecurity policy changes?

Start with your congressional representatives—everyone has two senators and one House member. These offices can escalate issues directly to federal agencies like the White House. Members of Congress have 'pick up the phone privileges' to call agencies on behalf of constituents, which is far more effective than trying to navigate the executive branch alone. Build relationships, clearly communicate your issues, and connect your priorities to problems lawmakers are already hearing about from constituents.

Why do current cybersecurity funding models fail rural and underserved communities?

Most federal cybersecurity programs operate on reimbursement models, requiring organizations to make investments first and get paid back later. This works for wealthy municipalities but fails communities in states like Mississippi and West Virginia that don't have capital to put up front. Effective policy would provide grants and low-interest loans that deliver resources before incidents occur, similar to how we prepare for natural disasters rather than waiting until after they happen.

What is meant by 'offensive' versus 'defensive' cybersecurity policy?

Defensive policy is reactive—responding to incidents, creating playbooks for after attacks occur, and addressing crises as they emerge. Offensive policy is proactive—investing in workforce development, providing upfront funding for cyber defenses, and building resilience before incidents happen. Nicole argues the cybersecurity community needs to push harder for offensive policy approaches, especially during political transitions when new priorities can be established.

Cybersecurity Policy Equity for Rural and Underserved Communities

Name: Cybersecurity Policy Equity for Rural and Underserved Communities
Uploaded: 2026-03-12T15:38:14-04:00
Duration: 1 h 1 min 19 s
Description: TL;DR Traditional reimbursement-based cybersecurity funding disadvantages rural and low-income communities that lack upfront capital, requiring a shift toward grants and proactive investment models similar to natural disaster preparedness. Cybersecurit...

Rubrik

03/12/2026

0 (0%)

Report Like Favorite

TL;DR

Traditional reimbursement-based cybersecurity funding disadvantages rural and low-income communities that lack upfront capital, requiring a shift toward grants and proactive investment models similar to natural disaster preparedness.
Cybersecurity workforce development should focus on creating regional nodes that allow people to protect their own communities rather than concentrating talent in major metropolitan areas, which causes brain drain from underserved states.
The ripple effects of cyberattacks on healthcare systems in rural areas are particularly severe, as patients may need to travel long distances to alternative facilities during recovery periods that can last months.
Effective cyber policy advocacy starts with engaging your congressional representatives—everyone has two senators and one House member who can escalate issues directly to federal agencies.
Skill-based hiring and reduced credential requirements can help address the 500,000 open cybersecurity positions while diversifying the workforce geographically and socioeconomically.
Cyber policy engagement should not be optional based on political party—advocates must work with whoever is in power while maintaining clear proactive priorities alongside defensive responses.

This episode of Rubrik's Data Security Decoded podcast features an in-depth conversation between Travis Rosiek, Rubrik's Public Sector CTO, and Nicole Tisdale, a distinguished national security policy expert who served as Director of Legislative Affairs for the National Security Council at the White House. Nicole shares her remarkable journey from the small town of Nettleton, Mississippi—a community of 2,000 people with no traffic light—to shaping some of the nation's most significant cybersecurity policies, including the $1 billion cybersecurity grant program and the first federal cyber incident reporting law. The discussion centers on a critical but often overlooked aspect of cybersecurity: the policy gaps that leave rural and underserved communities vulnerable to cyber threats. Nicole explains how traditional reimbursement-based funding models work well for wealthy municipalities like San Francisco but fail communities in states like Mississippi and West Virginia that lack upfront capital. She advocates for proactive policy approaches including grants and low-interest loans that provide resources before incidents occur, drawing parallels to natural disaster preparedness. A significant portion of the conversation addresses workforce development challenges. Nicole argues that the cybersecurity industry's concentration in major metropolitan areas creates a brain drain from rural states, perpetuating economic disadvantage while leaving local critical infrastructure unprotected. She proposes regional workforce nodes that would allow people to protect their own communities while building economic stability, noting that CISA's mission to protect all critical infrastructure means that infrastructure in Tupelo, Mississippi deserves the same protection as assets in major cities. The episode also explores the ripple effects of cyberattacks on healthcare systems in underserved areas, where patients may need to travel significant distances to alternative facilities. Nicole emphasizes that recovery—not just incident response—deserves more attention in policy discussions. She concludes with practical advocacy advice, encouraging listeners to engage with their congressional representatives as an effective entry point for influencing cyber policy, regardless of which political party holds power.

Chapters

0:00 - Introduction and Opening
1:30 - Nicole's Background and Journey
3:33 - Advocacy for Underserved Communities
5:36 - Policy Impact on Rural Areas
6:36 - Funding Models and Their Limitations
24:49 - Regional Workforce Development
26:10 - Economic Stability and Community Protection
28:21 - Job Requirements and Barriers to Entry
30:05 - Healthcare Cyberattack Impacts
49:53 - Effective Policy Advocacy Strategies
55:59 - Optimism About Cybersecurity's Future

Key Quotes

0:00 "We have to provide funding to our state and locals who operate most of our critical infrastructure before they need it. In the same way that we don't wait to start preparing for natural disasters until after the natural disaster happens, we have to do the same thing with cybersecurity."
4:46 "People were making policies without having us in mind, but the policies were impacting us."
6:53 "That works in San Francisco. That may even work in Austin, Texas. It doesn't work in places like Mississippi and West Virginia, because a lot of these states don't have the money to put up front."
25:41 "That infrastructure exists in Nettleton, Mississippi. It exists in Tupelo, Mississippi. How do we make it easier for people to serve their communities where they are? ..."
28:28 "Some of these job requirements, they have everything except requiring you to have a specific Zodiac sign. And it's like, come on, y'all. We don't need to be that specific."
50:31 "You cannot opt out of cyber policy until and unless the party you support is in charge. That is not an effective way to do public policy."

Categories:

Tags:

Show more Show less

TL;DR

Chapters

Key Quotes

Managing Configuration at Scale Across Group Policy and Intune

HUMAN Dialogue: Transforming City-Scale Cyber Resilience through AI Innovations

Making GPUs Available On Demand (Without Breaking the Budget)

ITDR as an Integral Component of Critical Security Architecture

Reclaim Network Clarity and Accountability with Netskope DEM