CIS Controls Community Volunteer Spotlight: Diego Bolatti
The CIS Critical Security Controls (CIS Controls) Community brings together cybersecurity professionals from around the globe to share their expertise and collaborate on projects that make an impact in securing the connected world. Among them is Diego Bolatti, a Systems Engineer, researcher, and doctoral candidate based in Resistencia, Chaco, Argentina. Bolatti’s work focuses on extending structured, standards-aligned cybersecurity to small and medium-sized enterprises (SMEs) in Latin America, organizations that face significant risk yet are historically underserved by frameworks designed for larger, resource-rich environments.
CIS Contributions and Roles
Bolatti has been an active contributor to the CIS Controls Community, particularly through the CIS Controls Policy Templates initiative. Between 2022 and 2023, he collaborated on the creation of thirteen policy document templates covering areas such as enterprise asset management, data governance, vulnerability management, incident response, and service provider oversight.
These templates are available to download and serve as a practical bridge between the CIS Controls framework and day-to-day organizational governance. They provide organizations of all sizes, especially those without dedicated legal or security teams, with ready-to-use policy documents aligned to specific controls.
“Accessible, well-structured policy guidance is as critical to an organization’s security posture as any technical control,” Bolatti says.
Background and Academic Context
Bolatti holds a degree in Systems Engineering and is currently a doctoral candidate in Computer Science at the Universidad Nacional de La Plata (UNLP). His doctoral thesis, supervised by Lic. Javier Díaz, is grounded in Design Science Research (DSR) methodology.
He also holds a Master of Business Administration and a specialization in Engineering Management from UTN, shaping an approach to cybersecurity governance that is both technically rigorous and organizationally practical.
Bolatti conducts his research at CINAPTIC, the applied computing and innovation laboratory of Universidad Tecnológica Nacional (UTN), Facultad Regional Resistencia. He serves as Director of UTN research projects on cybersecurity frameworks, participates in the UTN Information Security Committee, and represents UTN in the Consejo Interuniversitario Nacional (CIN) Cybersecurity Sub-Commission.
Teaching with CIS Controls at the Core
Bolatti brings the CIS Controls framework directly into the classroom at UTN, where he teaches Cybersecurity Fundamentals and Information Systems Security. CIS Controls v8.1 provides the foundation of both courses, alongside ISO/IEC 27001 and NIST CSF 2.0, giving students a structured, standards-based understanding of cybersecurity.
Students are introduced to Implementation Group 1 (IG1) as the essential baseline every organization should achieve. As a result, graduates leave with the practical vocabulary and framework knowledge needed to build security programs aligned with global standards.
Beyond UTN, Bolatti has delivered a Cybersecurity Diplomatura, trained university staff across campuses, and presented on cybersecurity in digital education environments. He also delivered a keynote, “AI in Cybersecurity: Ally or Threat?”, for the CIN Cybersecurity Sub-Commission.
Research Contributions: An Integrated Cybersecurity Framework for SMEs
Bolatti’s doctoral research addresses a central challenge in cybersecurity: making standards-aligned governance achievable for organizations with limited resources.
His work develops integrated models that include:
- Quantitative maturity scoring
- Prioritized controls adapted to SME constraints
- Resilience and continuity approaches
- Human-centered awareness frameworks
- Governance for artificial intelligence risks
All are grounded in CIS Controls v8.1 IG1 and designed as a cohesive architecture that enables SMEs to assess their posture, identify gaps, and follow a structured path toward improvement.
“The challenge is not defining controls, it is making them achievable for organizations operating with limited resources,” Bolatti explains.
SME-Cyber: From Framework to Automated Platform
Bolatti has led the development of SME-Cyber, an automated cybersecurity assessment platform that operationalizes his research.
The platform combines:
- A guided questionnaire aligned with CIS Controls v8.1 IG1
- AI-assisted document analysis
- A conversational chatbot interviewer
- Integration with the Wazuh SIEM platform
It produces a maturity dashboard, a prioritized remediation roadmap with localized cost estimates, and an auditable technical report. SME-Cyber is currently being prepared for pilot testing with SMEs in the NEA and Chaco region of Argentina.
Publications, Standards Work, and International Dissemination
Bolatti has represented UTN at ITU-T Study Group 20, contributing to work on Internet of Things and smart city cybersecurity.
In July 2024, his research group, CINAPTIC, achieved:
- Approval of Technical Report YSTR-IADIoT
- Advancement of YSTR-IADS toward a full ITU-T Recommendation
His research has been presented at CACIC 2025 and accepted for publication at JCC-BD&ET 2026. He also serves as a peer reviewer for multiple international conferences.
Impact
Bolatti’s work reflects the CIS Controls mission in practice, from policy templates and teaching to applied research and platforms tailored for SMEs.
Through these efforts, the protections represented by the CIS Controls are reaching the organizations that need them most, helping bridge the gap between global standards and real-world accessibility.
Interested in becoming a CIS Controls Community Volunteer like Diego Bolatti?
As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.