Kelley Dempsey is Senior Information Security Specialist at the National Institute of Standards and Technology Information Technology Laboratory/Computer Security Division. She has 27 years of information technology (IT) experience, with over 14 of those years specializing in operational and research-based information security. She began her career in IT as an electronics technician troubleshooting and repairing IT hardware. While employed by the Department of the Army, she began to specialize in PC, server, and network support, along with IT training. Ms. Dempsey next worked for the Department of the Navy as a systems and network administrator and also began to focus on Information Security at this time.
Beginning in 2001, she implemented and managed the information security program operationally at NIST (based on the NIST Risk Management Framework process) then joined the NIST Computer Security Division in October 2008. Ms. Dempsey has been pivotal in the development of numerous NIST Special Publications for information security, including NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-37 Guide for Applying the Risk Management Framework to Federal Information Systems, NIST SP 800-39, Managing Information Security Risk, NIST SP 800-30 Guide for Conducting Risk Assessments, and NIST SP 800-53A, Guide for Assessing Security Controls. In addition, Ms. Dempsey was the primary author of NIST SP 800-137, Information Security Continuous Monitoring for Federal Information Systems and Organizations, which has led to a sea change in the way the federal government monitors the effectiveness of its security programs, as well as NIST SP 800-128, Security-Focused Configuration Management.
Ms. Dempsey earned an A.A.S in Industrial Electronics, a B.S. in Management of Technical Operations, and a Masters Certificate in Information Technology Program Management as well as CISSP, CAP, CEH, CCNA, and ITIL professional certifications. She is currently completing requirements towards an M.S. in Information Security and Assurance.