
CIS Controls Community Volunteer Spotlight: Alan Watkins

The CIS Controls Community is fortunate to include many experienced IT security professionals who volunteer their time and expertise to help improve cybersecurity best practices and make the connected world a safer place. Alan Watkins has been a CIS Controls Ambassador and Volunteer since 2017. Most recently, he contributed to the Version 7.1 updates. Read on to learn more about Alan.

Please tell us a little bit about yourself.

Over the last 45 years, I have held positions in IT Management, InfoSec, and teaching. I worked in the public sector for the City of San Diego for over 36 years, first in law enforcement and then in several IT positions, and when I left I worked as an Independent Cybersecurity Consultant. I also have about eight years of experience teaching graduate cyber courses online.

Where are you from?

I've lived in Southern California almost all my life, mostly in San Diego. Then I moved to the desert, where I now reside in Yucca Valley, near Joshua Tree National Park.

How did you get into cybersecurity?

I was working for the City of San Diego in the 1990s as an IT Supervisor and we had some "rogue" staff who had system admin privileges and abused them, so I needed to implement some security countermeasures. Then I was assigned the task of reviewing and mitigating the "Y2K Bug" issues in both IT systems and OT (operational technology) systems in the wastewater department. For this task, I coordinated with the FBI's National Infrastructure Protection Center (NIPC), which led to collaboration with the San Diego field office and their computer crime squad. After that, security simply became another "hat" I wore along with all the other job duties.

How long have you been in the CIS Controls Community?

Since 2017. I created a training course with eight modules to teach cybersecurity professionals how to implement the first six CIS Controls (version 6.1) as part of a cyber hygiene program. Because I was using CIS's materials directly in the training, I got in touch and we executed a Supporter Agreement. At that point, I became a CIS Controls Ambassador.

Why did you decide to join the community?

I was invited to provide input into the update from Version 6.1 to Version 7.

What is your favorite CIS Control? Why?

Well, I really don't have "one favorite" Control. With the newest release (V7.1) and the use of Implementation Groups, I have been more focused on the CIS Sub-Controls. However, if I were to choose one Control, it would be CIS Control 17: Implement a Security Awareness and Training Program.

Taking into account that the majority of the CIS Controls are procedural or technical in nature, this one has the potential for impacting the successful implementation of the others. After all, having a trained (educated) and cyber-aware workforce goes a long way in preventing cyber incidents.

What is one thing you would tell folks about the CIS Controls Community?

Don't be afraid to ask tough questions. This includes the wording and intent of a CIS Sub-Control. If you feel there's something wrong with the way it describes a situation or the suggested control mechanism, then please say something. The purpose of the community is not only to share knowledge, but also to have a broad spectrum of expertise to discuss the controls.

What's the latest CIS Controls Volunteer Community project you’ve contributed to?

I reviewed content and provided input for Version 7.1, including the creation of “Implementation Groups.” Through this interaction with the CIS Controls Community, I had conversations with other, like-minded cyber professionals who are focused on small businesses. One person in particular, Tony Krzyzewski from New Zealand, has been a great resource for sharing information.

For the overall cybersecurity community (not just CIS Controls), I just finished developing four courses, comprised of 20 learning modules, for one of a few new certificate programs being developed by InfraGard. The one I created is an Introduction to Cybercrime Prevention certificate program, and the courses include Introduction to Network and System Security, Introduction to Business Disruption Attacks, Introduction to Insider Threats, and Introduction to Social Engineering.

What are your favorite cybersecurity blogs, podcasts, or books?

Since I retired, I've mostly concentrated on teaching and writing. So if I may, I would like to recommend my new book, "Creating a Small Business Cybersecurity Program."

Press release: CIS Controls Ambassador, Alan Watkins Pens New Book