This month CIS is sharing an interview with CIS Benchmarks volunteer Paul Campbell.
CIS values all of the volunteers who work hard to make sure the CIS Benchmarks and CIS Controls reflect a global knowledge base of the latest known cyber threats from IT professionals. This consensus process ensures CIS remains the objective, referenced standard for cybersecurity resources in industry, government, and academia.
We’ll be publishing profiles of the volunteers on the CIS website in coming months. Our goal is for you to learn more about the people behind the development of the CIS Benchmarks and CIS Controls.
Learn more about Paul’s involvement in the CIS Benchmarks in the following interview.
CIS: When did you become a member of the CIS Benchmarks volunteer community?
Paul: I joined the CIS Benchmarks community in March 2014. Like many contributors, I provided feedback through the public mechanism and was invited to join the volunteer community.
CIS: What are you working on now for the CIS Benchmarks?
Paul: 2017 has actually been my most active year with the CIS Benchmarks. With the Apple iOS community, I authored a new CIS Benchmark for iPhone and iPad deployments. Recently I joined in on creating a new CIS macOS Safari Benchmark. Plus, I’m always lurking on the macOS board to see what’s going on.
CIS: What and where is your present job?
Paul: I’m an information security consultant in Seattle, living on Bainbridge Island with my wife and toddler. My work rotates between CISO staff augmentation, risk assessment, and security program development. The firm I work with, Anitian, is a big supporter of community contribution and even allows allocating a percentage of work hours to community projects like the CIS benchmarks.
CIS: What do you think is the best thing about the CIS Benchmarks?
Paul: They contain practical security recommendations. The content comes from a diverse set of contributors and considers realistic threats. The CIS Benchmarks content is then presented as a series of recommendations, with rationales, that should be considered by the implementer and selected as appropriate to their use case. People need to think for themselves when implementing controls and the CIS Benchmarks processes and philosophy support that.