CIS Controls Volunteer Spotlight: Giacomo Lunardon
The CIS Controls offer prioritized and prescriptive guidance on how to achieve an effective cybersecurity program. They are developed through a collaborative, consensus-driven effort by members of the CIS Controls Team together with expert volunteers from around the world. Our volunteers come from diverse backgrounds and are experienced in a variety of subjects and technologies. Together, we learn from each other as we share ideas and tips about cybersecurity, defense-in-depth strategy, and risk planning. Some of our volunteers even translate the CIS Controls into their local language for wider distribution.
For this edition of the Volunteer Spotlight, we spoke with Giacomo Lunardon, from Asti, Italy. Keep reading to find out what it's like to be part of this unique community. We hope you'll join us by becoming a volunteer as well!
Please tell us about yourself.
Since 1993, I have been working for the Italian Ministry of Education as a school lab technician. During the last 10 years, as the IT Administrator supporting teaching activity, I have managed networks, servers, users, and virtualization. I also worked in research and experimentation in the agricultural sector for about five years, collecting and processing statistical data.
How long have you been using the CIS Controls?
At the direction of the Italian Agency for Digitization (AGID), I prepared my first document about the "Minimum Measures for ICT Security in Public Administrations" in early 2018.
What is your favorite CIS Control? Why?
Applying the Controls in a school environment is very important to me. Controls 1 and 2 (Inventory) as well as Control 6 (Monitoring Logs) and Control 15 (Wireless Control) are the most useful CIS Controls. Of course, the goal is to apply all possible CIS Controls to achieve a higher level of security.
What is the latest project you’ve contributed to?
I developed an Italian translation of Controls V7.1.
Why did you volunteer to translate the CIS Controls?
With my translation, I would like to spread the culture of IT Security as applied to the school environment, where adequate measures are often lacking. I would also like to ensure safe access to information technology to students (especially minors) and teachers, educating them about the use of open source software. This must be the first priority for an IT administrator.
What are your favorite cybersecurity blogs, podcasts, or books?
I usually follow some open-source community forums useful for applying CIS Controls, such as pfSense, Nmap, openVAS, NXLog, GreyLog, Ossim, and Kismet. I also read the official ministerial web sites as often as I can.