Episode 168: Institutionalizing Good Cybersecurity Ideas
In Episode 168 of Cybersecurity Where You Are, Tony Sager sits down with Tony Rutkowski, one of the CIS Critical Security Controls® (CIS Controls®) Ambassadors of the Center for Internet Security® (CIS®). Together, they discuss what Tony Rutkowski has learned in his efforts to institutionalize good cybersecurity ideas like the CIS Controls.
Here are some highlights from our episode:
- 01:48. Introductions to Tony Rutkowski and his career in technology
- 06:06. The evolution of the CIS Controls and how Tony Rutkowski came to advocate for them
- 12:50. The "Fog of More" as a metaphor to focus attention, not create new solutions
- 17:50. How institutionalizing good cybersecurity ideas is like conducting an orchestra
- 21:44. The use of timing and the right security content to help people clarify their intentions
- 24:25. The value of industry mappings in reducing duplicate implementation efforts
- 26:41. Secure by design: a 2025 example of creating a new formal global technical standard
Resources
- Episode 160: Championing SME Security with the CIS Controls
- Episode 167: Volunteers as a Critical Cybersecurity Resource
- Reasonable Cybersecurity Guide
- Cybersecurity at Scale: Piercing the Fog of More
- Mapping and Compliance with the CIS Controls
- Secure by Design: A Guide to Assessing Software Security Practices
- Episode 164: Secure by Design in Software Development
- CIS Critical Security Controls Implementation Groups
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.