CIS Controls Community Volunteer Spotlight: David Tchozewski
The CIS Critical Security Controls offer prioritized and prescriptive guidance on how to achieve an effective cybersecurity program. They are developed through a collaborative, consensus-driven effort that involves members of the CIS Controls team and expert volunteers from around the world. Our volunteers come from diverse backgrounds, and they are experienced in a variety of subjects and technologies. Together, we learn from each other as we share ideas and tips about cybersecurity, defense-in-depth strategy, risk planning, and more.
David Tchozewski, retired Director of Information Technology at Kenowa Hills Public Schools in Grand Rapids, Michigan, has been a CIS Controls Community member for two years. He was a technology director for nine years before joining the CIS Controls Community. He is now part of the CIS Controls – Policy Templates Group working on Implementation Group 1 (IG1) templates where, interestingly, his involvement in the working group started off by asking a question.
"The CIS team reached out to me after I had posted in a CIS forum asking if anyone had developed policies for IG1 items,” said Tchozewski. “My district had begun working on the assessment and discovered how few policies we had in place that addressed the control group. When asked if I would assist, I said, 'Yes, though I feel like I’m hugely underqualified.'"
After jumping head-first into the Community, he was instrumental in moving a regional project in Michigan along using knowledge he acquired from his involvement with the CIS Controls Community. Collectively, 20+ school districts in West Michigan began working on a cybersecurity project, and since they were all working on the same goals, they decided to work together to develop policies and plans.
"Cybersecurity issues and needs are driving changes in many school districts, and those teams are being asked to handle those things without the necessary expertise or staffing. When I joined the project, it 'enlightened' me to the fact that so much work needed to be done," he said.
Tchozewski says he appreciates the work of the CIS team in developing policy templates as they are very much needed, especially for those who are unable to commit a full-time staff member to cybersecurity efforts.
A Community member for two years and a volunteer for a year and a half, Tchozewski understands the importance of cybersecurity as it relates to information technology programs regardless of industry.
“I quickly learned how underprepared I was to confidently lead my district in implementing a full cybersecurity program; it clearly takes a village,” he said. “If you want to be at the forefront of work being done at a national level regarding cybersecurity, this is the community for you.”
Interested in becoming a volunteer like David Tchozewski? Join a CIS Community today.