Limited Time Offer: Save up to 20% on a new CIS SecureSuite Membership | Learn more
Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world

About Us Leadership Principles Testimonials


secure your organization
Secure Your Organization

secure specific platforms
Secure Specific Platforms

cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments

View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities

CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers




filter by topic
Filter by Topic

View All Resources  
CIS Logo Show Search Expand Menu

CIS Controls Volunteer Spotlight: Tony Krzyzewski

CIS-Controls-Volunteer-Tony-KThe CIS Controls™ cybersecurity best practices are created through a unique consensus-development process. Members of the CIS Controls team partner with volunteers from around the world to determine effective security controls for cyber defense. Our volunteers come from all backgrounds and bring diverse experience in various technologies and subjects. Together, we learn from each other to share ideas and tips about cybersecurity, defense-in-depth strategy, and risk planning. Keep reading to find out what it's like to be part of about this unique community and how you can participate.

Please share a little about yourself.

I have worked in the IT industry for the past 42 years with the last 25 years focused on cybersecurity. I am now a Director at SAM for Compliance Ltd. which specializes in compliance, audit, and risk; helping organizations reduce their level of cybersecurity-related risk. I am an Ambassador for the Global Cyber Alliance and the New Zealand Convenor on the International Standards Organization SC 27 Standards Committee.

Where are you from?

Hawkes Bay, New Zealand

How long have you been in the CIS Controls Community?

Two years.

Why did you decide to join the community?

I strongly believe that good IT operational practices drive a reduction in cybersecurity-related risk and that the CIS Controls help drive those operational practices. I wanted to help develop the CIS Controls and use my quarter of a century experience in this sector to make them even more effective.

What is your favorite CIS Control? Why?

I am split between 7.7: Use DNS Filtering Services and 7.8: Implement DMARC and Enable Receiver Side Filtering. Why? Because I worked hard to get both of these controls added into CIS Controls Version 7 as new methods of improving cybersecurity.

How did you get into cybersecurity?

I think the trigger came when I was working for BICC Communications in the early 90's and we introduced the first network access control technology into the ISOLAN repeaters. As the internet developed, I saw that cybersecurity was going to be essential to business and introduced the first commercial firewalls into New Zealand in 1994. Then someone asked me to test their network for risks and I’ve been having fun ever since.

What is one thing you would tell folks about the CIS Controls Community?

The CIS Controls Community is a great place to share and learn from others who have a real desire to help organizations reduce their level of risk. Every single one of the controls is discussed, debated, (and even) argued at times. This level of interaction is really stimulating.

What are your favorite cybersecurity blogs, podcasts, or books?

My favorite book is Security Battleground, published in 2012 by Intel Press. This was one of the first books I read that explained cybersecurity at an executive level. The content has helped me explain the need for effective controls to boards and executives.

Share some information on the latest community project you’ve contributed to.

My two most recent projects in the CIS Controls Community have been the development of Implementation Groups within CIS Controls V7.1 and the creation of the CIS Controls Cloud Companion Guide. I am also providing some input into the CIS Controls IoT Companion Guide.

Do you want to share anything else?

I encourage every organization to implement the CIS Controls and have a way to manage, monitor and report on their cybersecurity improvement program. With the introduction of Implementation Groups in CIS Controls V7.1 we have made it easier for organizations to identify which of the CIS Sub-Controls should be prioritized. These recommendations are based on an organization’s size and maturity, making it even easier to start the process, today.