Episode 146: What Security Looks Like for a Security Company

 

 

In episode 146 of Cybersecurity Where You Are, Tony Sager is joined by Angelo Marcotullio, Chief Information Officer at the Center for Internet Security®(CIS®); and Stephanie Gass, Sr. Director of Information Security at CIS. Together, they look back on periods of transition at CIS to discuss what security looks like for a security company.

Here are some highlights from our episode:

  • 00:58. Introductions with Angelo and Stephanie
  • 02:07. A pro and a con of IT consulting work
  • 04:12. The importance of soft skills in bringing the Multi-State Information Sharing and Analysis Center® into CIS
  • 06:12. Looking at security from a corporate perspective with the CIS Critical Security Controls®
  • 07:08. How IT and IT security are essential to corporate strategy
  • 07:45. The use of governance to support merging three business units into an integrated security company
  • 12:04. The value of security champions in adapting to regulatory and business changes
  • 15:15. What IT and Security teams can accomplish when they work as partners
  • 17:18. The use of data to inform Board decisions and conversations around risk
  • 20:38. How getting a seat at the table helps with understanding a Board's risk appetite and communicating that out to teams
  • 25:01. How infrastructure built for growth, not the smallest business case, produced a smooth transition to work from home in March 2020
  • 29:30. Advice for folks starting out in security
  • 31.28. The importance of collaboration and culture in implementing security as an organization

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].

As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.