February 2021 – 20 Critical Security Controls: How You Doin’?

RISE regulars know we are fans of the Center for Internet Security’s Critical Security Controls. Renowned cybersecurity expert Randy Marchany joins us in February to share experiences and recommendations on implementation.

Version 7.1 of the Critical Security Controls represent the latest update to the set that prescribes “best bang for the buck” actions to protect against the most common attacks. Experienced professionals know that even the most basic actions do not translate to simple implementation. We’ll talk about some of the unexpected things that have “complicated” implementation such as hardware and software inventory, and work-from-home (WFH). Also, we’ll discuss some of the new CSC companion guides that provide guidance in applying the controls in a number of areas such as mobile, Internet of Things (IoT), and cloud. We’ll also show some spreadsheets developed to help measure implementation progress.

Join us virtually on February 11th – our meetings are free and open to all interested in cybersecurity. As we are still meeting virtually due to COVID-19 gathering restrictions, meeting details will be sent to subscribers of the RISE email list. Click the link below to subscribe!

Event Details
topic icon 20 Critical Security Controls
calendar icon February 11th, 2021 @ 5:30pm
location icon Virtual Event – sign up to RISE email list for connection info

Presenter Bio:

Randy Marchany is the University Information Security Officer for Virginia Tech. He is also the director of the VA Tech IT Security Lab, a component of the university’s Information Technology Security Office.

He is the author of VA Tech’s Acceptable Use Statement and a co-author of the original FBI/SANS Institute’s “Top 10/20 Internet Security Vulnerabilities” document. He is the co-author of the SANS Institute’s “Responding to Distributed Denial of Service Attacks” document that was prepared at the request of the White House in response to the DDOS attacks of 2000. He was part of the SANS Institute’s Secure Code project that developed a set of exams to test programmers’ knowledge of secure coding techniques. He has been a member of the SANS Institute’s faculty since 1992.

He is a co-author of the EDUCAUSE “Computer and Network Security in Higher Education” booklet. He is a member of the EDUCAUSE security task force focusing on risk assessment and security metrics. He was a coauthor of the original Center for Internet Security’s series of Security Benchmark documents for Solaris, AIX and Windows2000.

He is one of the original members of the US Cyber Challenge (USCC) Project. The USCC mission is to significantly reduce the shortage in the cyber workforce by serving as the premier program to identify, attract, recruit and place the next generation of cybersecurity professionals. He designed the curriculum for the USCC summer camps.

He is one of the founders of the Virginia Alliance for Secure Computing and Networking (www.vascan.org), a consortium of security practitioners and researchers from VA Tech, U of Virginia, James Madison Univ., George Mason Univ.

He has been a frequent speaker at national and international conferences such as Educause, SANS, IIA, ISACA, ACUA, International CISO symposium, IEEE, NIST, NY State OIT Security conference, FBI-Infraguard chapters, US Forest & Wildlife Service, Computer Security Conference, Air Force Material Command. He’s been the subject of articles in the Chronicle of Higher Education on security issues at university campuses.

He was a recipient of the SANS Institute’s Security Technology Leadership Award for 2000. He was a recipient of the VA Governor’s Technology Silver Award in 2003. He was part of the team that won the EDUCAUSE Excellence in Information Technology Solutions Award in 2005. He is a co-holder of two cybersecurity patents.

He is acknowledged as one of the North American masters of the hammer dulcimer. He is the author of the original theme song of National Public Radio’s nationally syndicated radio program, “World Cafe”. His band, “No Strings Attached” was nominated for or won “Indie” awards (independent record label’s version of the Grammy) for Best Album (String Music) category in 1984, 1985, 1986, 1988, 1990.