Making a Difference and Building Capacity in 2023

A Look Back from CIS’s President and CEO, John Gilligan

CIS continued its pattern of excellence in 2023, increasing the size of our team by 100 new employees and increasing our impact by measurably improving the global state of cybersecurity. We increased global adoption of CIS’s security best practices, deployed several new and improved services for U.S. State, Local, Tribal, and Territorial (SLTT) governments, and continued to operate by a value system that focuses on employee development, a diverse and inclusive workplace, and giving back to those in need.

CIS is perhaps best known for our industry-standard security best practices tied to the CIS Benchmarks and CIS Critical Security Controls®. 2023 was a landmark year for the expansion and global adoption of these best practices. Once again, the CIS Controls were featured in the Verizon 2023 Data Breach Investigations Report (DBIR) as a recommended safeguard against cyber threats. Following an increasing trend among states, Iowa became the fourth state to pass safe harbor legislation incentivizing adoption of the Controls for businesses in the state. In an exciting new development, CIS launched the CIS Controls Accreditation program in partnership with CREST, a global professional services certification company; three organizations have already achieved this distinctive accreditation. Meanwhile, our CIS Benchmarks downloads grew by 16%, reaching 1.3 million downloads in 2023. Our SecureSuite Membership grew by a net of 10%, and CIS Hardened Images consumption grew by more than 65% on both Google Cloud and the Oracle Cloud platforms.

Central to CIS’s mission is meeting the needs of the “cyber underserved,” those small and medium-sized SLTT government organizations who are not well served by commercial cyber providers and have few resources to adopt leading edge cyber solutions. Our federally funded Malicious Domain Blocking and Reporting (MDBR) capability and cost effective Endpoint Security Services (ESS) solutions both saw double digit percentage growth in 2023. In addition, the Albert intrusion detection system continued to provide effective network monitoring, now supporting more than 1,000 organizations, with an industry leading response time of less than five minutes. In addition, we launched a new MDBR+ service for advanced web security and an Email Protection Service (EPS) pilot—an email security solution that has thus far achieved an impressive false positive rate of less than .002%.

The Multi-State Information Sharing and Analysis Center® (MS-ISAC®) commemorated its 20th anniversary, now serving over 16,000 member organizations. The Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®) marked five years of serving the U.S. election community in 2023, growing beyond 3,700 member organizations and providing election officials with needed cybersecurity services and best practices. The election community represented our largest critical infrastructure sector at our highest attended ISAC Annual Meeting in Salt Lake City in August. We also launched the Rapid Architecture-Based Election Technology Verification (RABET-V) program to fill an existing gap in standardized security verification of non-voting technology (e.g., voter registration systems and electronic pollbooks). We further modernized our Threat Intelligence Platform (TIP) distribution capabilities, resulting in a six-fold increase in verified malicious threat indicators sent to MS- and EI-ISAC members each month. Additionally, CIS launched its initial Portal capability, providing MS- and EI-ISAC members with real-time access to member benefits and critical information.

CIS continues to attract and retain top talent from across the country, growing our staff by 20% in 2023. Additionally, CIS continued to put emphasis on employee development, spending $3,200 per employee—over three times the industry average. Our commitment to leveraging a diverse workforce continues to be strong with growth in the representation of women (43%) and minorities (19%). CIS also was recognized as a top workplace, including ranking as the number one large business in the Albany Capital Region and being specifically recognized for “workplace culture,” “commitment to learning and development,” and “operating by strong values.” CIS was also separately recognized as a top workplace in both New York State and in the United States.

The remarkable employees of CIS expanded our impact into local communities across the country once again this past year. Our CIS Cares organization guided the impact of 1,212 volunteer hours to support 46 nonprofit organizations nationwide. Through employee donations and corporate fund matching, we donated more than $27,000 to causes ranging from the support of service dogs and K9s, environmental conservation, and youth-oriented charities like Big Brothers Big Sisters of the Capital Region. CIS continues to be a special place where service to the needs of others is both a mission and a privilege. Our employees are adding new chapters to our storied history of excellence in the cybersecurity community daily. I am immensely proud of the contributions of each member of the CIS team, and I am deeply honored to be a part of an organization that continues to have a tremendous positive impact on a global scale.


John Gilligan
President and Chief Executive Officer
Center for Internet Security

Read the complete CIS 2023 Year in Review


CIS 2023 Year in Review