CIS Benchmarks Community Volunteer Spotlight: Wana Tun
The CIS Benchmarks Community on CIS WorkBench is made up of subject matter experts, vendors, technical writers, and CIS SecureSuite Members from around the world. Together with CIS, these volunteers develop, review, and maintain the CIS Benchmarks. The community brings real-world experience and expertise to the process to ensure we are addressing the most prevalent security for technologies. We encourage you to join and become a CIS Benchmarks Community Volunteer too!
Wana Tun (CISSP, CEH, GNFA) has been a part of the CIS Benchmarks Community for three years.
Please share a little about yourself.
I am a Global Solutions Engineer at Sophos, in Singapore.
Why did you decide to join the community?
I wanted to promote security best practices and cyber hygiene.
What is your role in the community?
Providing advisory to the secure configurations, and developing the best practice guide for Sophos XG Firewall.
What is your favorite part about contributing? Ex. weekly meetings, writing the recommendations, responding to discussions, reviewing tickets?
How did you get into cybersecurity?
I started my career implementing security for industrial control systems (ICS networks), and aspired to become a practitioner for network security and forensics.
What is one thing you would tell folks about the CIS Benchmarks Community?
Consensus-based recommendations require that subject matter experts (SMEs) provide the implementation best practices used at their organizations.
What are your favorite cybersecurity blogs, podcasts, or books?
Mostly Twitter, Sophos Naked Security feeds, and podcasts. Books I'd recommend are Gray Hat Hacking, the Hacking Exposed series, and SANS courses.
Share some information on the latest community project you’ve contributed to.
Developing the CIS Benchmark guide for Sophos XG Firewall v18, and network forensics / threat hunting with JA3 fingerprints in conjunction with FOSS tools like Moloch and the use of the Sophos XDR product.
What impact has COVID had on the need for CIS Benchmarks?
It's more important to maintain a secure configuration baseline and assess digital assets, whether the data is hosted in the cloud or residing on the remote employee's workstation.
What advice would you give someone just starting out in cybersecurity OR starting out in the community?
Be involved in the projects, and have both a passive and active involvement in the discussions.
Thank you, Wana!