After enlisting in the U.S. armed forces straight out of high school and choosing the challenging path of a Combat Controller, Diggers went on to be a key player in setting up the Department of Homeland Security’s collection management apparatus. From there, he moved to the CISA for 15+ years, performed key positions with the U.S. air force, and is now the Critical Infrastructure Cyber Lead at Accenture Federal Services.

Rick Diggers in his early days in the U.S Armed Forces

Driggers worked with federal, state, and local offices to understand the security posture of America’s infrastructure, most of which operates on legacy technology that was never initially intended to be connected to online networks. Securing these infrastructures has taken time, and the industry is beginning to feel the momentum. “If I'm looking at an organization’s cybersecurity posture through a maturity and a readiness lens, that really allows me the flexibility to make adjustments based on emerging threats and risk,” said Diggers, “That's a lot better than, you know, playing whack a mole with vulnerabilities, which unfortunately a lot of organizations do.”

When drilling down into what makes the agile and cybersecurity mindset possible, Driggers says it comes down to people, process, and technology, not just tech operating on its own– and that’s only one of the 3 top challenges to securing organizations.

3 Top Challenges organizational cybersecurity challenges

Diggers speaking at the CyberTech Europe 2022 conference

Today’s cybersecurity gaps are especially challenging for organizations that see their systems and operations taken offline. When working with governmental organizations, a hack may go beyond ransomware to exposing the personal information of a person of interest or even government secrets.

When the stakes are so high, it becomes a team effort to ensure that such important data is only accessed by authorized users. To achieve this, organizations should focus on the following:


From the start, it’s important to acknowledge that securing IT networks and OT (Operational Technology) networks are not the same. While IT practitioners are often focused on securing private data, OT cybersecurity professionals are more focused on operational uptime and availability. They have different problems to tackle and approach them from different angles.

Executives must recognize this and encourage opportunities for them to collaborate on sorting organizational problems in a way that allows them to better understand one another.

People, process, and policy

Working towards a common goal demands that each team member is in a role that is in line with their skills. Employees should be in the right place at the right time, able to understand challenges and act on them accordingly, without having irrelevant decision-makers holding things back.


Streamlining processes demands a clear understanding of what each department and team member does, in order to allow them to work as efficiently as possible while creating opportunities to recognize their own cybersecurity vulnerabilities. In addition, this creates opportunities for teams to reduce duplicated efforts.

“I think gaining visibility goes a long way to helping manage many technical aspects. That'll help free up resources to apply to real security practices to reduce risk,” said Driggers. “In my mind, it really all starts with visibility. If you can't see it, you can't protect it.”

Protecting infrastructure into the future

Rick Diggers on C-SPAN when working for Homeland Security

The first step in securing any piece of technology is by having cybersecurity be part of early development, not an afterthought where discovered vulnerabilities may make a device insecure, or even unusable.

For example, the promise held by 5G technology and being able to connect fleets of devices to cellular networks increases attack surfaces to unprecedented levels. How do we secure these spaces on such a wide scale? “Future security challenges in this space, particularly as it applies to the development of new or existing critical infrastructure, is to continuously evolve our security solutions to not only ensure the integrity, reliability, and security of all of these connected technologies, but we also need to ensure the safety and privacy of our people,” said Driggers.

A large part of that is the Biden administration’s executive order 14028, which laid the groundwork for the cybersecurity documentation and ultimately much of the progress that we are seeing today with Software Bill of Material (SBOM) documentation. What’s more, is that it was all done from a supply chain perspective– not only for software supply chains but also for software development environments. It gives guidance on language and clear risk guidance to manufacturers on how to speak with their customers.

To achieve this, SBOMs are critical in identifying potential vulnerabilities, gaining insights into mitigation techniques, and securing organizations in an organized manner. Ultimately, the greater visibility and communication about potential threats that exist within an organization's culture, whether it be through meetings or documentation, the more secure it will be.

Click here to listen to the full episode.

Written by David Leichner (CMO), Shlomi Ashkenazy (Head of Brand) and Rafi Spiewak (Director of Content) at Cybellum