CIS Controls Ambassador Alan Watkins Releases Second Edition of Cybersecurity Book

The second edition of ‘Creating a Small Business Cybersecurity Program’ includes CIS Controls version 8 and emphasizes the three Implementation Groups (IGs)

EAST GREENBUSH. N.Y., May 19, 2023 — The Center for Internet Security, Inc. (CIS®) is pleased to announce the launch of Controls Ambassador Alan B. Watkins’ second edition book titled, “Creating a Small Business Cybersecurity Program.”

The first edition of his book was published in July 2020 and included CIS Critical Security Controls® (CIS Controls®) v7.1. The newly published second edition incorporates version 8 into the book’s content, allowing small business owners the ability to implement v8 Safeguards into their cybersecurity programs. Other changes in the new edition include updated governance documents, templates, and new guidance on industry best practices.

Creating a Small Business Cybersecurity Program provides guidance and essential steps small businesses with 25-50 employees should implement, from creating governance documents to policies and procedures. Watkins devotes four chapters to the CIS Controls and CIS Safeguards in Implementation Group 1 (IG1) and discusses risk management through the use of the CIS Risk Assessment Method (CIS RAM).

“As cybersecurity is constantly evolving, I felt it imperative that my book also evolve. That’s why I included the latest version of the CIS Controls,” said Watkins. “’Creating a Small Business Cybersecurity Program’ is a non-technical guide for creating an overall low-cost or no-cost cybersecurity program for today’s small businesses.”

The CIS Controls are a prioritized and simplified set of cybersecurity safeguards created to stop today’s most pervasive and dangerous cyber attacks. They are developed, refined, and validated by a global community of cybersecurity experts. The CIS Controls have 18 top-level Controls and 56 Safeguards in IG1, also known as essential cyber hygiene.

Watkins has been an active advocate of the CIS Controls since they were known as the SANS Top 20 Critical Security Controls. He has been a volunteer contributor starting with version 6.1, to CIS’s current version 8. He has also contributed to numerous companion guides, including the CIS Controls Teleworking and Small Businesses Network Security Guide. Additionally, he has participated in CIS Controls launches by helping to answer questions from the broader cybersecurity community as a CIS Controls Ambassador.

“Alan is a true CIS Ambassador. He has demonstrated continued support for the CIS Critical Security Controls while serving in city government, as a private sector consultant, and now as a published author on security best practices,” said Curtis Dukes, CIS Executive Vice President of Security Best Practices & Automation Group.  “We genuinely appreciate Alan’s support of the nonprofit Center for Internet Security.”

Watkins is the former owner/consultant of ABW Consulting Services and currently serves as Core Adjunct Professor at National University, School of Engineering, Department of Computer Science and Cybersecurity.

“Creating a Small Business Cybersecurity Program” is the second book in a three-book series created specifically for small businesses. The first book, by Gary Hayslip, addresses the reality that small businesses have many of the same cybersecurity problems as their larger counterparts but with far fewer resources available. These problems include: maturity of the organization, difficulty of focusing the management team on non-business operation risks, and limited investment in their cybersecurity program. The third book, by Bill Bonney, is designed specifically to provide cybersecurity guidance for companies with 20 employees or less. All three books are available on Amazon.

To arrange an interview with Alan Watkins or Curtis Dukes, contact Kelly Wyland, Media Relations Manager at [email protected], or call/text 518-256-6978.


About CIS

The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Critical Security Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the rapidly changing cybersecurity needs of U.S. election offices. To learn more, visit or follow us on Twitter: @CISecurity.