DoD Policy Implementation

As an intern performing IT services over the summer of 2019, I was faced with a seemingly insurmountable challenge: using several thick books of Department of Defense (DoD) legalese, such as the NIST 800-171 and DAAPM 2.0, to develop practical policies and procedures for my employer. These would be used by my company to meet the cybersecurity requirements of doing business with the United States DoD. At first, I had no idea how to start and felt in over my head. I’d assumed IT work would involve replacing computer parts and updating software, not parsing dense manuals and developing intricately compliant documents. However, I was determined to find a way to succeed.

I remembered something I’d read about when I was developing my interests in creative writing called the “Snowflake Method.” This technique involves starting from a small number of significant concepts, and then branching each out in further detail. Each of these branches is fleshed out further, and after so many iterations a full product is complete. As a programming student, I was reminded of the concept of recursion: achieving a big goal in small, achievable tasks. Using this strategy, I isolated each specific requirement, extracted relevant policy points and procedural requirements, and went from there.

Over time, something looking like a legitimate businesslike form began to take shape. Despite no past interest, skill, or motivation in developing policies in accordance with government requirements, I had successfully found a way to create a detailed professional document. This effort would not only ensure our company would be able to continue to conduct business with the government, but also detail requirements and practices to avoid malicious cybersecurity attacks on our proprietary data to protect the business and its employees. In the future, when I feel a task is insurmountable, I will likely recall this experience and realize nearly anything can be accomplished with the right attitude and game plan.