CIS Podcast: Cybersecurity Where You Are Ep.13
What's Important to You in Cybersecurity? A Host Q&A
In this edition of Cybersecurity Where You Are, CIS Chief Information Security Officer (CISO) Sean Atkinson and CIS Senior VP and Chief Evangelist Tony Sager do something a little different: they turn the questions on themselves, asking the 'Atkinson 9'. Listen to them discuss their favorite CIS Critical Security Controls, what they believe is the biggest waste of time in cybersecurity, and how they want to be remembered in the industry.
What are The Atkinson 9?
The "Atkinson 9" was inspired by James Lipton, host of 'Inside the Actors Studio', who was known for his practice of firing questions at his celebrity guests at the end of every interview. These nine questions were developed by Sean Atkinson and offer a quick insight into our hosts and why they are so passionate about cybersecurity. Normally asked in quick succession during a regular episode, the questions get a few moments each this time, as Tony and Sean go in depth and offer fuller explanations for their answers.
Likes and Dislikes about Cybersecurity
As part of the CIS family, both hosts are close to the CIS Critical Security Controls. The two start by discussing their favorites from the recently released Version 8. Tony explains why CIS Control 4, Securing Configurations, is so important when building a cybersecurity program. "It is the heart of security defense management," says Tony. Sean, making the point that the more data you can gather, the more you know about an organization as a whole, states that CIS Control 3, Data Protection, is key.
They go on to discuss their likes and dislikes about the industry. Both hosts agree that the cybersecurity profession offers lifelong learning, and that was a major factor in attracting them to the field. Both Tony and Sean share the excitement that comes from problem solving, building solutions, and always dealing with something new. The flip side of that is that cybersecurity is so complex that most of the public cannot defend itself adequately. The industry is highly specialized so it is difficult to have the masses understand the importance of managing their own security.
Don't Go Chasing Cybersecurity Waterfalls
Cybersecurity management is a continuous process and there are things every organization can avoid that are a waste of time. The pursuit of perfection is virtually impossible. There is no set-it-and-forget-it model for cybersecurity for any business. Tony and Sean agree that, since you can never achieve perfection, it should not be the goal. The closest one can get to perfection is to manage risks and weigh outcomes for your own particular business and build from there.
Managing controls to satisfy frameworks rather than to improve security is another waste of time. Tony and Sean emphasize that building a plan according to industry frameworks is necessary, but it is not the starting point. They recommend focusing on security measures first, and then mapping those measures to the frameworks for compliance.
In an Alternate Universe
With over 60 years of cybersecurity experience between them, it is hard to imagine Tony and Sean doing anything else! Tony speaks fondly of playing in a garage band, and says that if he were not in the cybersecurity profession, he'd be working in the arts and music. Sean had a dual-career idea of racecar driver and game developer, given that one offers speed and excitement and the other feeds his creative side. Both gentlemen reassured listeners that they are not quitting their day jobs anytime soon.
On the flip side, both have industries they would rather avoid. Tony said he would never go into academia due to the intense focus on specialties, while Sean has no interest in the medical field given his memories of his mother coming home from working at a hospital and sharing her vivid stories.
While our hosts have many years in the field ahead of them, they reflected on how they would like to be remembered. The two not only share a love for the industry but a genuine respect for one another in their respective roles.
Tony: "I want to be remembered that I did it in a way that aligned with my personal values, and I brought that to my job. That I did it my way in service of my community."
Sean: "I want to be remembered that I was never shy about trying to improve, that I was always learning. That I was dedicated to finding the solution and if I did not know it, I would learn about it or at least find someone who could do it and learn from them."
These are only a few of the topics Sean and Tony discussed. You can hear all their answers in the archived recording of this episode, accessible through the link above.
What are your answers to these questions? We would love to hear! Post to our Twitter or LinkedIn pages and use the hashtag #CISPodcast.