Home Insights PodcastsEpisode 165: An In-Depth Look at CIS Controls Implementation

Episode 165: An In-Depth Look at CIS Controls Implementation

In Episode 165 of Cybersecurity Where You Are, Tony Sager sits down with Valecia Stocchetti, Senior Cybersecurity Engineer at the Center for Internet Security^® (CIS^®), and Charity Otwell, Director of Critical Security Controls at CIS. Together, they take an in-depth look at implementing the CIS Critical Security Controls^® (CIS Controls^®), including what you need to know to begin your own CIS Controls implementation efforts.

Here are some highlights from our episode:

00:53. Introductions to Valecia and Charity
02:48. How the CIS Controls ecosystem answers the deeper question of how to implement
06:42. The importance of clear strategy, business priorities, and a realistic timeline
09:56. How the CIS Community Defense Model (CDM) clarifies cyber defense priorities
13:01. The use of calculations around costing to make a security program achievable
15:31. Bringing IT and the Board of Directors together through governance
20:36. "Herding cats" as a metaphor for navigating different compliance frameworks
23:17. Why one prescriptive ask per CIS Safeguard starts cybersecurity workflows
25:30. "Why" vs. "how" communication, accountability, staffing, budget, and continuous improvement as keys to success for CIS Controls implementation
42:03. CIS Controls Assessment Specification as an answer to implementation subjectivity
47:21. Parting thoughts around team effort, change, and CIS Controls Accreditation

Resources

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].

Subscribe to Our Podcast

As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.