Sarah Brown is a cyber security lead at the NCI Agency’s Chief Information Office. Her work focuses on technical support to NATO Enterprise cyber security efforts, in particular NATO’s approach to Asset, Configuration, Patch, and Vulnerability Management (ACPV) as a foundational functional area supporting cyber resilience.
Between 2020 and 2021, she served on the Deputy Secretary General (DSG)’s NATO Enterprise Cyber Adaptation project, enhancing NATO’s cyber resilience. In parallel with this work, she led development of the NCI Agency’s current Cyber Security Strategy, taking into account the work of the Cyber Adaptation effort and the NCI Agency’s implementation of matrix management.
From Aug 2016 – May 2020, in her role in the Capability Development Branch of the NATO Cyber Security Centre (NCSC), she was responsible for requirements capture, policy recommendations, and system design for future NATO cyber security capabilities in NATO in fixed and deployed environments. She supported numerous engagements towards furthering partnerships with industry and peer organizations, to ensure work within NCI Agency is informed by leading best practices. This includes organizing the technical workshop talks for NATO’s flagship cyber security conference, NIAS, in 2019.
Her engagement with NATO goes back to 2008 when she worked as a US voluntary contribution and technical liaison at NC3A, one of the NCI Agency’s predecessors. Prior to NATO, she worked on the threat intelligence team at Fox-IT delivering strategic, operational, and tactical financial cyber threat information to banks around the world. Sarah as also worked as an independent researcher and consultant to a number of organizations.
Sarah holds BA degrees in Mathematics and Computer Science from Oberlin College, Ohio, and an MA in Mathematics from University of Maryland. In 2022 she was awarded the NATO Meritorious Service Medal for her work.