The Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS) has a new director, Jen Easterly. The Senate confirmed Easterly in July, with swearing taking place on August 09, 2021. It should come as no surprise to CISOs to see Easterly dig in and immediately leverage the newly minted Joint Cyber Defense Collaborative (JCDC), which was authorized in the National Defense Authorization Act of 2021.The JCDC\u2019s mission, according to CISA, is to \u201cleverage new authorities\u201d and \u201cbring together public and private sector entities to unify deliberate and crisis action planning while coordinating the integrated education of these plans. The plans will promote national resilience by coordinating actions to identify, protect against, detect, and respond to malicious cyber activity targeting US critical infrastructure and national interests.\u201dWho is Jen Easterly?Easterly is no stranger to being first when it comes to innovation and being able to see a bit over the horizon when it compared to her peers. She served 20-years in the Army where she is credited with standing up the first \u201ccyber battalion.\u201d The National Security Agency (NSA) saw her present from 2011 to 2013, which happened to be immediately after the standing up of the unified US Cyber Command in 2010. She is credited with fleshing out that nascent organization into full operational mode. Following this, she went to Morgan Stanley in 2017 where she stood up the company\u2019s \u201cFirm Resilience and the Fusion Resilience Center,\u201d or simply Cyber Fusion Center (CFC).Easterly, spoke remotely at the recent Black Hat conference, where she emphasized the need to build the nation\u2019s cybersecurity workforce. Not news to CISOs with empty requisitions, she commented on how there were over 500,000 jobs awaiting personnel in the United States.Security operations center, CFC and JCDCCISOs have seen the evolution in cybersecurity to include the attempt to corral information, detect intrusions, and respond accordingly. Nirvana occurs when intrusions are handled automatically without the need for personnel intervention. Over time many companies have stood up security operations centers (SOCs) where their physical and virtual worlds meld. Others have attempted to create CFC-like groups where disparate data sets are melded and decisions are made.The new JCDC, according to Easterly, will initially focus on ransomware and the cloud. Companies that have been identified as participating include Cisco, Microsoft, Google, Lumen, Amazon Web Services, FireEye, Crowdstrike, Palo Alto Networks, AT&T and Verizon.\u201cSecurity operations centers are one dimensional,\u201d says John Burger, CISO at ReliaQuest. \u201cSometimes the response will include a threat intel function. Seldom [will it] have a holistic view of the business from a business continuity perspective.\u201dMeanwhile, Anuj Goel, CEO of Cyware (and one who participated in the development of CITI\u2019s CFC), notes how \u201cthe fundamental difference between a CFC and SOC is how each unit approaches and operationalizes security.\u201d Goel highlighted how SOCs connect the silos at one location, compared to the CFC, which \u201ccoalesces all these siloed units into a single, collaborative, and integrated force to streamline end-to-end threat detection, management and 360-degree response.\u201d When established, Goel says, the security silos are eliminated.Burger provided his insight from the CISO\u2019s seat that creating a CFC is not for the faint of heart, and his observation will not surprise anyone involved in cybersecurity with its many silos. \u201cThe single largest barrier is the organization\u2019s will to bring disparate parts of the \u201ccyber domain\u201d (IT, business continuity, SOC, and threat intel) into one center.\u201dEnterprise CISOs, when compared to their SMB brethren, enjoy a bounty of resources. There is no denying the CISOs at SMBs are often financially disadvantaged as well as being hamstrung when it comes to engagement in the ever growing \u201cpublic private partnership.\u201d This is where Easterly\u2019s efforts at CISA will have an immediate impact, as she has already begun the outreach to the resourced constrained, with invitations to engage CISA, as well as providing a plethora of tools and assessments available for the taking.Some SMBs may be thinking of building their own fusion centers, and the CEO of Minerva Labs, comes down strongly against that idea. Instead, he proffers, \u201cThe right direction for SMBs is to find tools that won\u2019t demand them to hire a big security teams, tools which can be used by any IT employee.\u201d He explained, \u201cmost cybersecurity tools are complex and for them to work properly and protect with full power, a large professional team is needed.\u201dIs Easterly\u2019s JCDC for everyone?Goel adroitly points out how Easterly\u2019s experience is going to \u201copen doors for CISA to force multiple security capabilities while enhancing collaboration with industry sectors through strategic and technical information sharing.\u201d On the larger, national scale, \u201cEasterly\u2019s efforts will foster collective defense across organizations within the US and synchronize their strengths against rapidly evolving and shape shifting threat actors.\u201dWhether JCDC will also be able to assist entities not involved in national infrastructure is a question waiting to be answered. The answer is no if you don\u2019t ask, so ask. CISOs interested in participating in the JCDC should email CISA.