
CIS Controls Volunteer Spotlight: Tony Krzyzewski

The CIS Controls™ cybersecurity best practices are created through a unique consensus-development process. Members of the CIS Controls team partner with volunteers from around the world to determine effective security controls for cyber defense. Our volunteers come from all backgrounds and bring diverse experience in various technologies and subjects. Together, we learn from each other to share ideas and tips about cybersecurity, defense-in-depth strategy, and risk planning. Keep reading to find out what it's like to be part of this unique community and how you can participate.

Please share a little about yourself.

I have worked in the IT industry for the past 42 years with the last 25 years focused on cybersecurity. I am now a Director at SAM for Compliance Ltd., which specializes in compliance, audit, and risk, helping organizations reduce their level of cybersecurity-related risk. I am an Ambassador for the Global Cyber Alliance and the New Zealand Convenor on the International Standards Organization SC 27 Standards Committee.

Where are you from?

Hawkes Bay, New Zealand

How long have you been in the CIS Controls Community?

Two years.

Why did you decide to join the community?

I strongly believe that good IT operational practices drive a reduction in cybersecurity-related risk and that the CIS Controls help drive those operational practices. I wanted to help develop the CIS Controls and use my quarter of a century of experience in this sector to make them even more effective.

What is your favorite CIS Control? Why?

I am split between 7.7: Use DNS Filtering Services and 7.8: Implement DMARC and Enable Receiver Side Filtering. Why? Because I worked hard to get both of these controls added into CIS Controls Version 7 as new methods of improving cybersecurity.

How did you get into cybersecurity?

I think the trigger came when I was working for BICC Communications in the early 90's and we introduced the first network access control technology into the ISOLAN repeaters. As the internet developed, I saw that cybersecurity was going to be essential to business and introduced the first commercial firewalls into New Zealand in 1994. Then someone asked me to test their network for risks and I’ve been having fun ever since.

What is one thing you would tell folks about the CIS Controls Community?

The CIS Controls Community is a great place to share and learn from others who have a real desire to help organizations reduce their level of risk. Every single one of the controls is discussed, debated, (and even) argued at times. This level of interaction is really stimulating.

What are your favorite cybersecurity blogs, podcasts, or books?

My favorite book is Security Battleground, published in 2012 by Intel Press. This was one of the first books I read that explained cybersecurity at an executive level. The content has helped me explain the need for effective controls to boards and executives.

Share some information on the latest community project you’ve contributed to.

My two most recent projects in the CIS Controls Community have been the development of Implementation Groups within CIS Controls V7.1 and the creation of the CIS Controls Cloud Companion Guide. I am also providing some input into the CIS Controls IoT Companion Guide.

Do you want to share anything else?

I encourage every organization to implement the CIS Controls and have a way to manage, monitor and report on their cybersecurity improvement program. With the introduction of Implementation Groups in CIS Controls V7.1 we have made it easier for organizations to identify which of the CIS Sub-Controls should be prioritized. These recommendations are based on an organization’s size and maturity, making it even easier to start the process, today.