March 2017 – 20 Critical Security Controls


Hello all,

I am very pleased to announce that Randy Marchany (I’m sure he’ll sign autographs later) from Virginia Tech has agreed to speak about the 20 Critical Security Controls at our next meeting. This will be a great presentation from a great speaker; you really want to make this one if you can. Our meeting will be at ECPI in Roanoke at 5:30pm on the 9th. I have included the address below. Thanks to ECPI for hosting this month and all those that make our meetings possible. You guys rock!

The 20 Critical Security Controls

Defending information systems is becoming more complicated with the introduction of personally owned mobile devices (BYOD) and Internet of Things (IoT) controllers. Spending your cyber defense budget effectively depends on your ability to prioritize where those dollars should go. The 20 Critical Security Controls provide a prioritized set of controls and metrics to give you the best chance of actually defending your IT assets. The controls align with a number of well-established security standards and frameworks, among them ISO 27002, NIST 800-53 and PCI. This talk describes what the controls are and provides some metrics and spreadsheets for performing a gap analysis of the controls' implementation. Virginia Tech is actively implementing the controls, and this talk will discuss some of the successes and roadblocks encountered so far.

OK, so normally I put a little bio together for our speaker so you have a chance to read a little background on the speaker, but honestly Randy is such a cyber superstar that his bio is literally a page long. So, while not complete, here are some highlights of Randy’s bio. Please check out the link at the bottom of the message for more info on Randy.

Randy is University Information Security Officer for Virginia Tech. He is also the director of the VA Tech IT Security Lab, a component of the university’s Information Technology Security Office.  He is the author of VA Tech’s Acceptable Use Statement and a co-author of the original FBI/SANS Institute’s “Top 10/20 Internet Security Vulnerabilities” document. He is a co-author of the SANS Institute’s “Responding to Distributed Denial of Service Attacks” document that was prepared at the request of the White House in response to the DDOS attacks of 2000.  He is also one of the founders of the Virginia Alliance for Secure Computing and Networking (, a consortium of security practitioners and researchers from VA Tech, U of Virginia, James Madison Univ., George Mason Univ. He has been a frequent speaker at national and international conferences such as Educause, SANS, IIA, ISACA, ACUA, International CISO symposium, IEEE, NIST, NY State OIT Security conference, FBI-Infraguard chapters, RSA.

Randy’s Bio


5234 Airport Rd NW Suite 200

Roanoke, VA 24012

