Dyn DNS taken down (DDoS). DNC hack (phishing). OPM breach (malware). Not to mention surreptitiously stolen healthcare records and credit card numbers seemingly every minute of every day.The cyber imperative: While the joint US private and public digital security ecosystem gains its \u2018sea legs\u2019, the cyber bad guys will continue to have their proverbial way with us.The two prevailing gaps . . .\u00a0 A deep national bench strength of existing and next generation cybersecurity leaders and operators, spanning startups to large corporations and across the public-sector space, who possess the requisite skill set to compete and consistently win on the cyber battlefields of today and tomorrow. Our current bench is woefully short.\u00a0A mechanism for funneling all the disparate data points\u2014who\u2019s doing what, what\u2019s working, what\u2019s not\u2014that are percolating across our cyber ecosystem daily. Presently it seems we\u2019re bouncing between two extremes, information overload and ignorance.The macro solution is: transitioning from a burgeoning industry with still \u201cwild west\u201d market tendencies to a dynamic force that is vastly more interconnected and accessible\u2014dare I say institutionalized?\u2014and yet maintains its core entrepreneurial operating spirit. This is a new kind of war we\u2019re collectively fighting. Unlike all prior engagements, sustained battlefield success will be achieved principally with the private\/commercial sector leading from the front. Government agencies will be a key player, but in a primary supporting role.We have our first ever Federal CISO, Greg Touhill, now in place. An incoming new Administration is seemingly reorienting to a strong security posture, presumably to include digital security. And the Commission on Enhancing National Cybersecurity just released its Report on Securing and Growing the Digital Economy. The stars seemingly are aligned for us to take a generational leap forward . . . now.Three years ago, in A Call For A National Cyber CounterInsurgency, I challenged our cyber ecosystem to look to and replicate the spirit of Skunk Works, Lockheed Martin\u2019s research and development unit that was stood up during WWII (and is still thriving, making meaningful impact today) to fast track priority national security assets.\u00a0Innovation, coordination, education . . . and investment. These are the key pillars that will support and sustain our relentless pursuit of a unified mission\u00a0to consistently beat the bad guys. It may take a generation to get there. Doesn\u2019t matter; eye on the ball.\u00a0Reflecting on\u00a0Skunk Works\u2019 legendary operating model, let me propose the following blueprint . . .The establishment of a National Center for Cybersecurity Coordination & Excellence (NaCCCEx) . . . nicknamed Triple-C.\u00a0Structurally this would marry the commercial fundamentals of a Fannie Mae (independent, for profit, government sponsored entity (GSE)) with the interoperability of a Joint Terrorism Task Force (JTTF) with the\u00a0cyber information sharing best practices of a Security Innovation Network (SINET). (Editorial note: For purposes here, let\u2019s set aside what occurred at Fannie 2006-09 range\u2014when politics and bad policy mucked up what had been a clear and soundly functioning mandate for 70 years. And while Fannie Mae is a publicly listed company, I\u2019d advocate for remaining private over the long haul.)\u00a0NaCCCEx will function as a dynamic commercial cyber engine of growth; one that is closely linked with traditional public sector entities, e.g. DHS, US Cyber Command, etc., but that is clearly separate and distinct from direct government ownership and intervention . . . and importantly is solely responsible for managing its own affairs. It is perhaps appropriate, on this 75th Anniversary of Pearl Harbor, to consider that without America\u2019s massively powerful commercial engine steaming 24\/7, militarily the Allies would have been woefully lacking in combating the Axis Powers.\u00a0\u0084NaCCCEx will serve as an institutional hub to . . .\u00a0Connect the reams of data points emanating from disparate sources and bridge private sector companies with public sector entities. A pure-play private sector model, with no linkage to the public sector (as is virtually the case today), is not sufficiently effective on a going forward basis.Develop and deliver to the market the most capable cybersecurity leaders for future years. This requires a mechanism to attract the best minds in cyber today to educate and train future cyberists. The majority of quality cyber folks are simply not going to work for the government, for a whole host of reasons; pay being a big one, but also a generally deep disinclination by many to work for \u201cbig brother\u201d.\u00a0Main featuresFirst and foremost, NaCCCEx is a commercial entity. A vibrant cybersecurity national effort must at its core maintain its commercial spirit. Private and for-profit is the best means to optimize and fast-track cutting edge capabilities. Organizationally it will embody a co-president leadership structure, comprised of a recently retired Technology CEO\u2014less than four years out of a mid-cap or larger organization\u2014and an active duty 3-star General\/Flag Officer\u2014uniform of the day is business attire\u2014who will serve two-year tours, alternating off years. For initial launch, the civilian co-president will remain aboard for a third year.It will also be staffed by permanent employees and those on secondment from a multitude of organizations emanating from our cyber ecosystem.\u00a0\tPermanent staff must commit to a mandatory three-year tour. Those who remain aboard for five years will be eligible for a one-time special \u2018uber\u2019 bonus, which will be paid on a sliding scale tied to aggregate semi-annual performance marks. Compensation will be pegged to roughly upper 80% range of market.Secondment staff will serve two-year tours, with an option to extend for a third year. No more than 25 percent of secondment staff will be authorized third-year extensions in any one year. Secondment staff will be sourced from, but not limited to: DHS-NCCIC, US Cyber Command, NSA, CIA, FBI, National Cyber Forensics and Training Alliance (NCTFA); state and major metro area law enforcement organizations; overseas cyber partners and other close allies will be called on to \u201cloan\u201d key representatives; National Council of ISACs (NCI); Service Academies\u2019 divisions for cybersecurity studies; major power companies and grid leaders, e.g. Duke Energy, National Grid, PG&E, Con Ed, etc.; all publicly listed cybersecurity companies, e.g. FireEye, IBM, Rapid7, SecureWorks; midcap and boutique cyber firms, drawn from Cybersecurity Ventures\u2019 published quarterly rankings, e.g. root9B, LookingGlass, Cylance, Darktrace; cyber investment professionals from leading platforms such as A16Z, Accel, Bessemer, In-Q-Tel, Intel Capital, KPCB, NEA, Norwest, Sequoia.NaCCCEx would also feature a Visiting Fellows Program that will tap impact-making cyber thought leaders from across the digital security landscape, including such luminaries as Keith Alexander\/IronNet, Ed Amoroso\/TAG-Cyber, Frank Cilluffo\/George Washington University, Rick Gordon\/Mach37, Michael Hayden\/The Chertoff Group, Shawn Henry\/Crowd Strike, David Kimmel\/CyberRiskPartners, Evan Kohlmann\/Flashpoint, Angie Messer\/BAH, Steve Morgan\/CyberSecurity Ventures, Hunter Mueller\/HMG Strategy, Theresa Payton\/Fortalice Solutions, Kevin Powers\/Boston College, Robert Rodriguez\/SINET, Phyllis Schneck\/DHS, Phil Venables\/Goldman Sachs, Amit Yoran\/RSA.Given its stature as a membership organization, it would derive its funding via a rolling tiered subscription model, tied to blended prior three-years profits. Membership will be highly encouraged but strictly voluntary.It would also be granted a special wartime waiver by Congress regarding payment of federal and state corporate taxes.The proceeds for which shall be reallocated to staff annual bonus and co-investment pools.InnovateBy charter, NaCCCEx will foster and enhance early stage cyber products and services coming to market via deploying marketing\/business development resources to new\/emerging technologies, deemed national cyber priorities, to foster growth. An emphasis will be on aggregating and re-marketing derivative technologies from across disparate sources. Priority focus will be oriented to identifying and developing active defense and counteroffense cyber measures.Coordinate When it comes to coordination among key constituents, we must consider that we\u2019re essentially operating in a new paradigm. The rules to date may apply to a degree; but for the most part we\u2019re traveling down uncharted roads. Legal must of course be involved, but it cannot drive the agenda\u2014this is critical. NaCCCEx will serve as the primary national cyber information hub; and in doing so will pave these new avenues for efficient and effective navigating.Public \u2013 Private . . . A lot more work to do (too much to detail here).Private \u2013 Private . . . Highest priority shall be given to feed new-hack events across subscribers in as near real time as possible. Secondly, NaCCCEx will elevate \u2018cyber in the know\u2019 awareness among subscribers regarding all that\u2019s going on in the way of new-start and emerging companies, new cyber product and services offerings, derivative technologies that may be sourced from failed startups, etc. If it\u2019s found that a subscriber member(s) is misusing this \u2018enhance and protect\u2019 information, something akin to industrial espionage, stiff long-term penalties will result.US \u2013 Overseas . . . Priority status will be granted to Israel and Great Britain. Israel has been operating on the cyber front lines longer than any other white hat public-private collective, and as a result their innovation and coordination methodologies are unparalleled. Britain is doing some cutting edge stuff of late, both at the national command level and commercially\u2014for instance, see how Bletchley Park\u00a0is to be transformed to a new cyber university.EducateDeveloping and deploying next generation cybersecurity leaders\u2014be they senior corporate staff, government operators, educators\u2014is perhaps the single greatest strategic imperative we face. The bad guys will routinely revise and adjust. To meet and overcome this seemingly never-ending challenge, we must continually develop and deploy great minds who can adapt and excel. Indeed battlefield advantage will be defined by our ability to collectively stay one (and ideally two) steps ahead of the bad guys. NaCCCEx\u2019s training program will comprise a 20-month training cycle to develop and deliver next generation cybersecurity leaders to the market. Course curricula will center on:\u00a0 general business unit management essentials; leadership and mentoring skills; effective communication (verbal and written)\u2014up, down and across the organizational structure; risk management fundamentals; c-suite and board of directors\u2019 engagement; select corporate CISO, CSO, COO functions.InvestNaCCCEx\u2019s co-investment arm (the Fund) will be chartered to incubate, accelerate and aggregate. The Fund will be raised via traditional go-to-market channels, e.g. corporate and pension funds, private placement and other private sector sources. The Fund shall feature a one-time match by the US Government. I envision budgetary allocation split across relevant Departments, including but not limited to DoD, DHS and Education. Tax dollars, stemming from net profits on subscription receipts and investment returns, shall be re-circulated to the Fund.In closing, NaCCCEx will be the center of gravity of a new-paradigm national cybersecurity collective effort; where a culture of collaboration, excellence and measured risk taking must prevail. Given the pin-point rapidity of cyber, we cannot afford to be stifled waiting for \u2018perfect\u2019 solutions. A few \u2018wrong turns\u2019 to get from here to there is OK.