Evolving Cyber Defenses — CIS Community Defense Model v3
Tuesday, June 30, 2026, 2 - 3 PM ET
The CIS Community Defense Model (CDM) is one of the most rigorous, data-driven models for understanding how the CIS Critical Security Controls® defend against real-world cyber threats. By mapping CIS Safeguards to the MITRE ATT&CK framework and grounding the analysis in authoritative industry threat data, the CDM gives enterprises an evidence-based answer to the question every security leader asks: Are we investing in the right defenses?
In this webinar, we walk through the evolution from CDM v2.0 to CDM v3.0 — examining what changed, why it changed, and what it means for your security program today.
What's New in CDM v3.0
CDM v3.0 soon to be released in 2026, represents a significant evolution in how the CIS Controls are analyzed and applied. The headline addition is a fundamentally new way of thinking about defense: the CIS Controls Kill Chain. Attendees will learn:
- The CIS Controls Kill Chain — a defender-centric view of the attack lifecycle
- New top five attack types and why they changed
- Significantly improved coverage numbers
- Updated frameworks and data
- Kill Chain-based decision making in practice
Why This Matters for Your Organization
The shift from CDM v2.0 to v3.0 reflects how the threat landscape has matured — and how defensive thinking must evolve with it. Knowing that a Safeguard mitigates a technique is valuable. Knowing when in an attack lifecycle that Safeguard stops an adversary in their tracks is a strategic advantage.
By attending this webinar, you’ll learn:
- Explain to leadership why IG1 remains the recommended starting point for enterprises of any size
- Use the CIS Controls Kill Chain to shift your security program's focus from technique coverage to lifecycle interruption
- Identify where your current control investments are in an attacker’s lifecycle, identify gaps and fill them as appropriate.
- Leverage CDM Attack Cards, master mappings, ATT&CK Navigator visualizations, and the new Kill Chain spreadsheet available on CIS WorkBench to operationalize these findings in your own environment
About Our Presenters
Curt Dukes
Executive Vice President and General Manager, Security Best Practices
Curt Dukes joined CIS as the Executive Vice President and General Manager of the Best Practices and Automation Group in January 2017. The CIS Benchmarks® and CIS Controls® program provides vendor-agnostic, consensus-based best practices to help organizations assess and improve their security. Prior to CIS, he served as the Director, Information Assurance for the National Security Agency, Central Security Service. In that role Curt was responsible for securing systems that handle classified and critical information for military and intelligence activities. Dukes earned a Bachelor’s Degree in Computer Science from the University of Florida, and a Master’s Degree in Computer Science from Johns Hopkins University. He is a 2004 graduate of the Intelligence Community Officer Training Program.
Phyllis Lee
Vice President of Security Best Practices Content Development
Phyllis Lee has over 25 years of experience in information assurance and has performed vulnerability assessments, virtualization research, and worked in security automation. Prior to joining CIS, Lee worked at the National Security Agency (NSA) focusing on the intersection between malware and virtualization, which included collaboration with MIT Lincoln Labs. Lee also participated in a variety of security automation standardization efforts and led the security automation strategy for the NSA Information Assurance Directorate (IAD). She graduated from Johns Hopkins University with a Master of Science in computer science.
Phillipe Langlois
Data Breach Investigations Report (DBIR) Author, Verizon
Philippe Langlois is currently working as the lead engineer and author of the Verizon Data Breach Investigations Report (DBIR). Prior to joining Verizon, he worked at CIS leading various data driven projects, such as the CIS Controls and the MS-ISAC Nationwide Cybersecurity Review.