CIS Controls Volunteer Spotlight: Randy Marchany


Randy Marchany headshot

The CIS Critical Security Controls® (CIS Controls®) offer prioritized and prescriptive guidance on how to achieve an effective cybersecurity program. They are developed through a collaborative, consensus-driven effort that involves members of the CIS Controls team and expert volunteers from around the world. Our volunteers come from diverse backgrounds, and they are experienced in a variety of subjects and technologies. Together, we learn from each other as we share ideas and tips about cybersecurity, defense-in-depth strategy, risk planning, and more.

Randy Marchany, University IT Security Officer (CISO) at Virginia Tech, has been a CIS Controls Community member since the beginning. In his 24 years volunteering with CIS, he has gleaned lots of knowledge about various aspects of cybersecurity and made lots of great connections across a wide variety of sectors, including financial, educational, and government.

A long-time contributor, Marchany helped write the original CIS Unix Benchmarks and most recently served as a member of the CIS Controls v8 Working Group. He’s learned a lot from his volunteer efforts over the years, including how to make compliance with various frameworks easier to manage.

Marchany has been able to take what he’s learned as a CIS Controls Community member and apply it to his job at Virginia Tech.

“We’re in the process of implementing CIS Controls v8 across our entire enterprise…hopefully finishing in late 2025,” said Marchany.

"The CIS Controls are a good way to bridge the gap from high level security frameworks like ISO 27002, NIST 800-53 and NIST 800-171 to operational ‘rubber meets the road’ commands and checklists."

Interested in becoming a volunteer like Randy Marchany? Join a CIS Community today.