Security and Compliance Weekly Episode #92 – October 26, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Mapping Across an Ocean of Security Frameworks, Part 1 – 12:00 PM-12:30 PM

Announcements

  • In case you missed it: Paul’s Security Weekly’s new streaming time is Wednesday nights from 6pm-9pm ET & Enterprise Security Weekly’s new streaming time is Thursday afternoons from 3pm-4:30pm ET. You can view our live stream schedule at any time at https://securityweekly.com/live!

  • Security Weekly Unlocked will be held IN PERSON this December 5-7 at the Hilton Lake Buena Vista! Keynotes from Alyssa Miller, John Strand, Lesley Carhart, & Dave Kennedy! Visit https://securityweekly.com/unlocked to register for free and check out our rockstar lineup!

Description

Tony and Thomas will discuss the importance, value, and challenge of cross-mapping security frameworks, the rationale and process used by CIS to create and support mapping, some real-world examples, and some real-life problems.

Guest(s)

Thomas Sager – at

Thomas Sager is an Associate Cybersecurity Engineer for CIS. In this role, he is dubbed the team cryptographer for mapping the CMMC and PCI frameworks to the CIS Controls. Sager is also working on the Controls Assessment Specification to provide a common understanding of what should be measured in order to verify that CIS Sub-Controls are properly implemented. Prior to joining CIS, Sager was a commercial security consultant under a federal contractor, greatly benefiting from the opportunity to work within a variety of client environments.

Tony Sager – Senior Vice President & Chief Evangelist at Center for Internet Security

Tony Sager is a Senior VP & Chief Evangelist for the Center for Internet Security. He led the work which later became known as the CIS Critical Security Controls – an independent, volunteer-developed, cyberdefense best practices program which is used throughout the industry. Tony has led numerous activities to develop, share, scale, and sustain effective defensive cyber practices for worldwide adoption.

Tony retired from the National Security Agency in 2012 after 34 years as a mathematician, computer scientist, and executive manager. One of the Agency’s first Software Vulnerability Analysts, he was one of the founders and later Chief of the System and Network Attack Center, NSA’s first defensive network security analysis organization. Tony was also founder and Chief of the Vulnerability Analysis and Operations Group, NSA’s premier technical organization in defensive analysis.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

2. Mapping Across an Ocean of Security Frameworks, Part 2 – 12:30 PM-01:00 PM

Announcements

  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!

  • Join us for our next live webcast on November 4th to learn about Pragmatic Steps to Reduce Your Software Supply Chain Risk. Then join us November 11th to learn the key insights and takeaways from the 2021 OWASP top ten. Visit https://securityweekly.com/webcasts to save your seat! Don’t forget to check out our library of on-demand webcasts & technical trainings at https://securityweekly.com/ondemand

Description

Tony and Thomas will discuss the importance, value, and challenge of cross-mapping security frameworks, the rationale and process used by CIS to create and support mapping, some real-world examples, and some real-life problems.

Guest(s)

Thomas Sager – at

Tony Sager – Senior Vice President & Chief Evangelist at Center for Internet Security

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Jeff Man

@MrJeffMan

#HackingisNotaCrime Advocate, Sr. InfoSec Consultant at Online Business Systems

Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element