Rebecca McWhite

Rebecca McWhite is the Technical Lead for Cybersecurity Supply Chain Risk Management (C-SCRM) in the Computer Security Division of the Information Technology Laboratory at the National Institute of Standards and Technology (NIST). In this role, she provides multifaceted technical subject matter expertise on C-SCRM for NIST guidance and publications, as well as coordinates NIST’s C-SCRM community outreach efforts. She also serves as the NIST Staff Lead for the interagency Federal Acquisition Security Council.

Prior to joining NIST, Rebecca led the operational SCRM program in the Defense Information Systems Agency’s Threat Mitigation Division, where she was responsible for strategic leadership and oversight of all Information Communications and Technology (ICT)-SCRM activities. Her portfolio included due diligence reporting on mission-critical ICT products and suppliers, extensible Bill of Materials (xBOM) mitigation via counterfeit detection efforts, and predictive software bill of materials (SBOM) analysis. She also previously served as the SCRM Director of Operations, managing the timely and effective coordination of daily department workflow activities from end to end.

Before joining the federal government, Rebecca was a senior analyst at the Defense Intelligence Agency’s SCRM Program Office and Asia-Pacific Regional Center, as well as an open-source research subject matter expert at Department of Homeland Security (DHS) Customs and Border Protection. She also served as a visa security and counterterrorism specialist at DHS Immigration and Customs
Enforcement.

Rebecca received a bachelor’s degree in East Asian Studies from the Johns Hopkins University and a master’s degree in Strategic Intelligence from the Institute of World Politics.