CIS Benchmarks Community Volunteer Spotlight: SecureSky, Inc.

Secure-sky-iconAt the Center for Internet Security (CIS) we have the privilege of working with some of the brightest minds in cybersecurity through our volunteer Communities. While we frequently highlight individuals in our profile interviews, it is not uncommon for some of our contributors to already be working as part of a team.

In this profile we meet such a group of people. SecureSky, Inc., headquartered in Omaha, Nebraska, has employees throughout the United States. They focus on continuous security protection to reduce the likelihood of a successful attack against their clients’ applications, services, and environments.

If you (and/or your colleagues) would like to be part of the CIS Benchmarks Community, please let us know!

Please tell us a little about yourself.

We are SecureSky, a Cloud Security Posture Management (CSPM) company.

How long have you been in the CIS Benchmarks Community?

Several members of SecureSky’s team have been working with CIS since 2002, originally contributing to the 2003 Oracle Benchmark. As SecureSky extended its CSPM offering for SaaS, it was a natural fit to become involved in creating and maturing CIS Benchmarks for some of the largest SaaS providers such as Office 365 and G-Suite.

Why did you decide to join the CIS Benchmarks community?

In 2002, it was the recognition that standards were lacking and a desire to contribute back to the community. Eighteen years later, we have very much the same motivation. Seeing the rapid adoption of cloud, misunderstandings regarding the shared responsibilities model, and the failure of some enterprises to incorporate their cloud footprint into their risk management programs, we believe that a collective community providing standards developed by experts is more important than ever.

What is your role in the community?

Four of SecureSky’s security experts, Wacey Lanier, Brian Greidanus, Michael Born, and Brandon Cox, of late have been supporting the Office 365 Foundation Benchmark v1.1 (and 1.2 development), as well as initiating the development of a CIS Benchmark for G-Suite.

How did you get into cybersecurity?

Many of SecureSky’s team began in traditional IT development or operations roles and were early participants in the cybersecurity and compliance expansion in the late 1990s and early 2000s.

What is one thing you would tell folks about the CIS Benchmarks Community?

Volunteer! The information technology world has become so complex and specialized that if you have experience in configuring and testing, your contribution will help the good guys!

What are your favorite cybersecurity blogs, podcasts, or books?

Lately we’ve been catching up on “Down the Security Rabbit Hole” (#DTSR) podcasts. Of course, for some light reading, there’s also the “Binary Analysis Cookbook: Actionable recipes for disassembling and analyzing binaries for security risks” from our very own Michael Born. Wacey Lanier also co-hosted an Office 365 Security themed webinar, diving through MFA (+Modern & Basic Auth), 3rd Part App & Add-in permissions, and Security Monitoring.

Share some information on the latest community project you’ve contributed to.

As mentioned above, our most recent project is working on an initial G-Suite CIS Benchmark and looking to add our security engineers onto the Azure and AWS teams.

Do you want to share anything else?

SecureSky has three primary offerings in cybersecurity: SecureSky Consulting, our Active Protection Platform, and SecureSky Managed Detection and Response. You can learn more about us at

Thanks to all of you for your contributions to the CIS Benchmarks Community!