CIS Controls Ambassador Spotlight: Tony Krzyzewski
The CIS Critical Security Controls (CIS Controls) are cybersecurity best practices created through a unique consensus-development process. Members of the CIS Controls team partner with volunteers from around the world to determine effective security controls for cyber defense. Our volunteers come from all backgrounds and bring diverse experience in various technologies and subjects. Together, we learn from each other to share ideas and tips about cybersecurity, defense-in-depth strategy, and risk planning.
Tony Krzyzewski has worked in the IT industry for 45+ years, with the last 30 years focused on cybersecurity. He is a Director at SAM for Compliance Ltd., which specializes in compliance, audit, and risk – helping organizations reduce their level of cybersecurity-related risk. He is an Ambassador for the Global Cyber Alliance, the New Zealand Convenor on the International Standards Organization SC 27 Standards Committee, and a CIS Controls Ambassador.
Krzyzewski has been active in the CIS Controls Community since 2016. He strongly believes that good IT operational practices drive a reduction in cybersecurity-related risk and that the CIS Controls help drive those operational practices. He joined the Controls Community to help develop the Controls, using his 25+ years of experience in cybersecurity to make them even more effective.
“The CIS Controls Community is a great place to share and learn from others who have a real desire to help organizations reduce their level of risk,” said Krzyzewski. “Every single one of the Controls is discussed, debated, (and even) argued at times. This level of interaction is really stimulating.”
Krzyzewski is particularly fond of CIS Controls v8 Safeguards 9.2: Use DNS Filtering Services and 9.5: Implement DMARC because he worked hard to get both Controls initially added into CIS Controls v7 as new methods of improving cybersecurity.
He was also involved with the mapping of CIS Controls v8 to several standards and, more recently, helped develop the set of policies mapped to CIS Controls v8.
“The creation of these policies was a really interesting project with a group of specialists from around the world working together on the content,” said Krzyzewski. “The CIS Controls policies are designed to help organizations using the CIS Controls at the level of Implementation Group 1, where internal resources can frequently be constrained. This led to a lot of interesting discussions within the policy development group.”
As a CIS Controls Ambassador, he encourages every organization to use the CIS Controls as the base of their cybersecurity improvement program.
“Even if the organization is focused on becoming compliant with a larger standard, my message is to use the CIS Controls as a strong foundation which compliance with the larger standard can build on,” he said. “It has been really encouraging to see how well this message has spread since I first got involved with the CIS Controls, but there is still a long way to go yet and lots more for me to do.”
If you're interested in joining Tony Krzyzewski and other like-minded IT security professionals, join a CIS Community today.