
CIS Benchmarks Community Volunteer Spotlight: Wana Tun

The CIS Benchmarks Community on CIS WorkBench is made up of subject matter experts, vendors, technical writers, and CIS SecureSuite Members from around the world. Together with CIS, these volunteers develop, review, and maintain the CIS Benchmarks. The community brings real-world experience and expertise to the process to ensure we are addressing the most prevalent security for technologies. We encourage you to join and become a CIS Benchmarks Community Volunteer too!

Wana Tun (CISSP, CEH, GNFA) has been a part of the CIS Benchmarks Community for three years.

Please share a little about yourself.

I am a Global Solutions Engineer at Sophos, in Singapore.

Why did you decide to join the community?

I wanted to promote security best practices and cyber hygiene.

What is your role in the community?

Providing advisory to the secure configurations, and developing the best practice guide for Sophos XG Firewall.

What is your favorite part about contributing? Ex. weekly meetings, writing the recommendations, responding to discussions, reviewing tickets?

The recommendations.

How did you get into cybersecurity?

I started my career implementing security for industrial control systems (ICS networks), and aspired to become a practitioner for network security and forensics.

What is one thing you would tell folks about the CIS Benchmarks Community?

Consensus-based recommendations require that subject matter experts (SMEs) provide the implementation best practices used at their organizations.

What are your favorite cybersecurity blogs, podcasts, or books?

Mostly Twitter, Sophos Naked Security feeds, and podcasts. Books I'd recommend are Gray Hat Hacking, the Hacking Exposed series, and SANS courses.

Share some information on the latest community project you’ve contributed to.

Developing the CIS Benchmark guide for Sophos XG Firewall v18, and network forensics / threat hunting with JA3 fingerprints in conjunction with FOSS tools like Moloch and the use of the Sophos XDR product.

What impact has COVID had on the need for CIS Benchmarks?

It's more important to maintain a secure configuration baseline and assess digital assets, whether the data is hosted in the cloud or residing on the remote employee's workstation.

What advice would you give someone just starting out in cybersecurity OR starting out in the community?

Be involved in the projects, and have both a passive and active involvement in the discussions.

Thank you, Wana!