Reasonable Cybersecurity: Oxymoron or Opportunity?
Thursday, October 23, 2025, at 2:00 P.M. ET
Cybersecurity has shifted from a purely technical issue to a strategic business concern. The focus is no longer just “Are we secure?” but rather “Have we made sound decisions to protect our enterprise, customers, and data?” This evolution raises a critical question: How much is enough? Currently, the U.S. lacks a national, cross-sector cybersecurity standard. In this pre-regulatory phase, cyber defense is largely voluntary, and often falls short. Fortunately, tort law and emerging state privacy regulations are introducing the concept of “reasonable” security: the duty of care organizations owe their customers. Yet, what qualifies as “reasonable” remains undefined.
During this session:
- Our experts will share diverse perspectives on the concept of reasonable cybersecurity and how to apply it throughout your organization.
- You'll also learn how the Center for Internet Security has documented and shared this ongoing conversation as a practical resource.
About Our Presenters
Randy Marchany
University IT Security Officer (CISO) at Virginia Tech
Randy has been a CIS Controls Community member since the beginning. In his 24 years volunteering with CIS, he has gleaned lots of knowledge about various aspects of cybersecurity and made lots of great connections across a wide variety of sectors, including financial, educational, and government.
A long-time contributor, Marchany helped write the original CIS Unix Benchmarks and most recently served as a member of the CIS Controls v8 Working Group. He’s learned a lot from his volunteer efforts over the years, including how to make compliance with various frameworks easier to manage.
Phyllis Lee
Vice President of Security Best Practices Content Development, CIS
Phyllis has over 25 years of experience in information assurance and has performed vulnerability assessments, conducted virtualization research, and worked in security automation. Prior to joining CIS, Lee worked at the National Security Agency (NSA) focusing on the intersection between malware and virtualization, which included collaboration with MIT Lincoln Labs. Lee also participated in a variety of security automation standardization efforts and led the security automation strategy for the NSA Information Assurance Directorate (IAD). She graduated from Johns Hopkins University with a Master of Science in computer science.
Eric Woodard
Founder and CEO of Protek Support
Eric Woodard stands as the epitome of path-breaking leadership in the cybersecurity space with 20+ years in the IT industry. His tenure as founder and CEO of Protek Support has witnessed the company's exponential growth and transformation into a resilient fortress against cyber threats. Under his stewardship, Protek Support has developed effective strategies to safeguard their clients against even the most sophisticated cyber attacks.
Woodard's expertise isn't limited to leading his team at Protek; he’s also been an active volunteer for 4+ years in service of the CIS Controls.
As a CIS Controls Ambassador, he uses his influence to promote internationally recognized best practices for securing IT systems and data — something he is truly passionate about.