CIS Controls Ambassador Spotlight: Vilius Benetis
The CIS Critical Security Controls (CIS Controls) cybersecurity best practices are the product of an ongoing consensus development process. Members of the CIS Controls team partner with volunteers from around the world to determine effective security controls for cyber defense. The CIS Controls Community is fortunate to include many experienced IT security professionals who volunteer their time and expertise to help improve cybersecurity best practices, making the connected world a safer place. One such volunteer is CIS Controls Ambassador Vilius Benetis, Director of NRD Cyber Security and Former President of ISACA Lithuania.
Throughout his career, Benetis has focused on the incident response domain and how to make cybersecurity work for nations, sectors, and organizations. Ultimately, he wants to create successful national sector and organizational Computer Security Incident Response Teams (CSIRTs) and Security Operations Centers (SOCs) throughout Europe, Africa, and Asia.
Benetis quickly realized that for those following the CIS Controls, there was less of a need for incident response in general.
Benetis first learned about the CIS Controls in 2013 and was immediately drawn to their practicality. For Benetis, the interest was more than just for the Controls themselves; he liked the story and people behind the best practices.
“I always wanted the CIS Controls to be applied in Lithuania, where the government seems to like them, too. So we translated a few of the Controls versions and printed them on posters and distributed them to government and private enterprises,” said Benetis. “Additionally, we printed hundreds of books and distributed them as Christmas presents during cybersecurity events.”
Benetis also advocates application of the Controls during different events and trainings such as the East Africa Cyber Defense conference, co-organized by Lithuania with Tanzanian and Ugandan partners.
“For me, the biggest pleasure is to learn by creating jointly and building on what already exists. This is why I crafted some Excel tools to do fast audits on Controls automation to diagnose how different Controls are currently automated in organizations,” he said. “It can be applied in 30 minutes during a discussion with an organization’s IT manager and shared back to the Controls team for inspiration.”
As a CIS Controls Ambassador, Benetis translated the CIS Controls and SANS posters into Lithuanian and volunteered with comments for CIS Controls v6, v7, and v8. He consistently shares his knowledge on the benefits and value that CIS Controls implementation brings to organizations and helps local entities implement an effective cybersecurity program. He also continues to co-create additional tools associated with the CIS Controls.
“We want to have friends in the United States and we have that with CIS. For me, the relationship is about knowledge building,” said Benetis.
“CIS is an organization with whom I can put brains together and figure out how to implement the CIS Controls as part of other security frameworks for people who have problems but don’t have a lot of money at their disposal.”
Benetis adds, “The CIS Controls are valuable for those who want some additional, deeper guidance comparing to NIST CSF or ISO 27001/2. The Controls Implementation Groups are a great tool to differentiate Safeguards.”
If you're interested in joining Vilius Benetis and other like-minded IT security professionals, join a CIS Community today.