About

As a non-profit, non-partisan organization, the National Technology Security Coalition (NTSC) serves as the preeminent advocacy voice of the CISO and brings US Government and industry cybersecurity leaders together to network and solve today’s cybersecurity policy and collaboration challenges.

Comprised of CISOs from Fortune 1000 companies and academic institutions from across the United States, our membership represents a wide cross-section of industries—sharing experiences, expertise, and ideas as they collaborate on issues of national importance to the CISO. Year-round, the NTSC actively advocates for important policy priorities—from federal privacy legislation to workforce development. As a result of the NTSC’s efforts, many lawmakers and policymakers now reach out to us as they draft cybersecurity laws, regulations, and policy.

MISSION STATEMENT

Through dialogue, education, and advocacy, NTSC unites public and private leaders around national policies that improve national cybersecurity. 

THE NTSC TEAM

Larry Williams

President, CEO

Larry Williams is President and CEO of the National Technology Security Coalition, as well as President and CEO of the Technology Association of Georgia.

READ MORE

Williams brings more than 25 years of experience in global branding, international trade and finance, public and industrial policy, and administration and management to NTSC. As the former president and CEO of The Beacon Council, Miami-Dade County’s official economic development partnership, Williams helped facilitate local, national and international business growth and expansion programs. Under Williams’ leadership The Beacon Council created and executed a new economic development framework to help the area grow and secure investments in today’s innovation economy. This is resulted in $687 million in new investment, 119 company relocations or expansions, and more than 4,500 new jobs.

From 2011 to 2014 Williams helped shape the vision for Atlanta’s tech sector as vice president of technology development at the Metro Atlanta Chamber. He provided leadership and direction to the Chamber’s Mobility Task Force, positioning Atlanta as a global hub of mobile technology, and to the Technology Leadership Council

READ LESS

Patrick Gaul

Executive Director

Patrick D. Gaul is the Executive Director of the National Technology Security Coalition (NTSC), a non-profit, non-partisan organization focused on driving the national dialogue on technology security in the United States.

READ MORE

Patrick has had a distinguished career with an exceptional record of management performance and achievements in building corporate value. Patrick has extensive international experience and has developed strong multicultural abilities through working, living and traveling around the globe – including the Middle East, the Far East, Western and Eastern Europe and North America.

Patrick began his career in the technology industry in 1976 after serving for nine years in the United States Marine Corps where he was awarded a number of commendations including National Defense Service Medal, the Combat Action Ribbon and a Purple Heart for his service in the Republic of South Vietnam. Mr. Gaul then spent nearly twenty-six years with AT&T and Infonet Services Corporation across the globe including assignments in Japan, the United Kingdom, the Netherlands and Belgium before returning to the USA in late 2003 to head up an Atlanta-based web-hosting and interactive marketing firm.

Since returning to the U.S. Patrick has served in multiple management positions with multinational firms and as a consultant working with start-ups and smaller companies across a number of industries including Customer Intelligence, Market Research, Software Quality Assurance and Cybersecurity. Throughout his career, he has held senior positions in sales, marketing and channel management.

Mr. Gaul attended the Executive MBA Program at the Edinburgh Graduate School of Business from 1999 to 2002. He served on the Board of Directors of the Technology Association of Georgia for 9 years, was the Chair in 2014.

READ LESS

Advocacy

Harmonizing Cyber Incident Reporting
Federal Data Privacy Standard
Advocating for Congressional Action on AI Regulation
Establishing a CISO Safe Harbor
Securing the Software Supply Chain

Harmonizing Cyber Incident Reporting

When faced with a cybersecurity incident, CISOs must contend with more than just the threat itself. They must also contend with a myriad of state incident reporting regulations and proposed regulations on the federal level. These reporting regulations have differing standards on what qualifies as an incident, on what timeline incidents must be reported, and different processes for reporting said incidents. CISOs who fail to meet these various requirements may face legal penalties.

Amidst a cybersecurity incident, CISOs should be focused on responding to the attack, not running through an extensive list of reporting requirements for several different agencies. As such, the NTSC believes the best solution is for CISA to serve as the primary agency for all incident reporting requirements and as the only agency to which CISOs must report in the event of an incident. The Cyber Incident Reporting for Critical Infrastructure Act already designates CISA as the principal agency for critical infrastructure incident reporting. We would like to see that requirement expanded to cover all cyber incidents, not just those that impact critical infrastructure.

Moreover, we believe that incident reporting works best when CISA is a partner with the private sector rather than a regulatory body like the Federal Trade Commission. CISA has worked to foster a positive relationship with the private sector, and that relationship is key to effective incident reporting.

Federal Data Privacy Standard

Companies are often required to collect sensitive data from consumers, such as personally identifiable information. This sensitive data is a target for cyberattacks. In response, governments worldwide have been working to establish strong data privacy standards. Prominent examples are the EU’s 2018 General Data Protection Regulation and the 2020 California Consumer Privacy Act. Other states are following California’s lead, resulting in uneven consumer protections and a complex minefield of standards to which companies will struggle to adhere.

The best solution for keeping consumers’ sensitive private data secure is a comprehensive national standard. Such regulation would address how to define and protect sensitive personal data and de-identified data; establish minimum standards of protection and care; and outline uniform rules governing data protection, security, breach notification, and regulatory oversight. This unform approach will ensure the greatest security for consumers while simultaneously mitigating excessive costs and complexities for the companies that store their information.

Advocating for Congressional Action on AI Regulation

Artificial intelligence (AI) is rapidly transforming every sector, from healthcare and education to national security and finance. While its potential to drive innovation and efficiency is undeniable, the technology’s accelerated pace of development has outstripped existing regulatory frameworks. As AI becomes more powerful and pervasive, the risks of misuse, unintended consequences, and ethical dilemmas grow exponentially. Congress must step in to create guardrails that ensure AI is developed and deployed responsibly, safely, and equitably.
One pressing concern is the lack of transparency in how AI systems make decisions, often described as the “black box” problem. Without clear oversight, these systems could inadvertently embed biases, perpetuate inequalities, or make critical errors in high-stakes scenarios such as criminal justice, hiring, or autonomous vehicles. Congressional action is needed to mandate transparency, accountability, and fairness in AI algorithms to prevent harm and build public trust.

Additionally, AI poses significant national security risks. Adversarial nations and cybercriminals are increasingly leveraging AI for disinformation campaigns, cyberattacks, and espionage. The NTSC strongly encourages Congress to work with federal agencies like the Cybersecurity and Infrastructure Security Agency (CISA) to develop standards for securing AI systems against malicious exploitation.

Congress has a unique opportunity—and responsibility—to establish the guardrails needed to harness AI’s benefits while addressing its challenges. Through thoughtful regulation, including measures to enforce transparency, bolster security, and promote ethical development, lawmakers can ensure AI serves as a force for good in society rather than a source of harm. Delays in action could result in unchecked risks, eroded public trust, and loss of global competitiveness. The time to act is now.

Establishing a CISO Safe Harbor

Creating a CISO Safe Harbor is a critical consideration in today’s stringent cyber regulatory environment, where Chief Information Security Officers (CISOs) often face intense scrutiny during security breaches. The concept aims to provide CISOs with legal and professional protections, encouraging them to implement robust security measures without fear of undue personal liability.

The regulatory landscape has heightened expectations for CISOs to ensure compliance with evolving cybersecurity laws, such as SEC disclosure requirements and state-level data protection statutes. Additionally, recent high-profile breaches have spotlighted CISOs, raising concerns about individual accountability and liability.

A CISO Safe Harbor framework could offer protections for CISOs who demonstrate good-faith efforts to secure their organizations. These efforts might include implementing industry best practices, adhering to regulatory requirements, maintaining transparency in risk reporting, and aligning with frameworks like NIST or ISO. By codifying such protections, organizations and regulators can incentivize proactive cybersecurity leadership, ensuring that CISOs can focus on risk mitigation without the threat of disproportionate penalties.

This approach would foster a collaborative rather than punitive environment, encouraging CISOs to address cyber threats while mitigating personal risks associated with their role.

Securing the Software Supply Chain

Securing the software supply chain is essential to protecting critical systems from cyber adversaries who exploit vulnerabilities in third-party components, dependencies, or updates. A single compromise in the supply chain can cascade into widespread disruptions or breaches, making it vital for organizations to adopt proactive measures.

One effective approach is CISA’s Secure by Design initiative, which emphasizes building security into software from the ground up rather than treating it as an afterthought. Integrating secure coding practices, rigorous testing, and transparent supply chain processes help ensure software is resilient to exploitation.

Secure by Design, combined with practices like dependency management, vendor scrutiny, and real-time monitoring, create a robust defense against emerging threats, protecting organizations and the ecosystems they support.

UNDERWRITERS

The following companies support the National Technology Security Coalition’s advocacy efforts on Capitol Hill, allowing us to create and host events that bring together CISOs and other technology security stakeholders from across the nation. They are instrumental partners as we work to ensure CISOs have a national platform for their voice to be heard in Washington D.C.

World Wide Technology

World Wide Technology is an IT services and consulting company that combines strategy and execution to help organizations accelerate growth and realize a brighter future. World Wide Technology turns complex technology solutions into a practical and actionable way forward and helps deliver them globally.

Microsoft

Microsoft (Nasdaq “MSFT” @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more.

Check Point

Check Point Software Technologies Ltd. is a leading provider of cyber security solutions to corporate enterprises and governments globally.

GET INVOLVED

Our members are driven to add their voices to our advocacy efforts on Capitol Hill and believe that bringing the perspective of the practitioner to our congressional leaders is imperative to ensuring future policies and legislation incorporate a real-world understanding of the challenges they face each day. Reach out and get involved today!