CIS values all of the volunteers who work hard to make sure the CIS Benchmarks and CIS Controls reflect a global knowledge base of the latest known cyber threats from IT professionals. This consensus process ensures CIS remains the objective, referenced standard for cybersecurity resources in industry, government, and academia.
We’ll be publishing profiles of the volunteers on the CIS website in coming months. Our goal is for you to learn more about the people behind the development of the CIS Benchmarks and CIS Controls.
This month CIS is highlighting the volunteer team of James and Kelli Tarala. James and Kelli are two of our most dedicated and loyal volunteers.
Learn more about their involvement in the CIS Controls in the following interview.
CIS: When did you become a member of the CIS Controls volunteer community?
James: I started volunteering for the CIS Controls in 2008, when the project first started.
Kelli: I started volunteering at the outset in 2008 when the project first started. CIS Board Member Alan Paller sent a note asking for volunteers and the rest is history.
CIS: What are you working on now for the CIS Controls?
James: I’m working on edits to the new version of the CIS Controls V.7 we hope to release in January 2018. I’m very excited about the new updates to the security measures and metrics in this upcoming version. I think these latest updates will help organizations to automate the measurement of their security programs and communicate risk to senior leadership.
Kelli: My work is also on the CIS Controls V.7. My focus for this version is a more of a data-centric view on the CIS Controls versus a
system-centric view. The new version will include updated metrics and sensor information. These additions will be tremendously valuable tools for implementers.
CIS: What is your present job?
James: I wear many hats, but most of my time is spent as a consultant assessing organizations’ security programs at Enclave Security and serving as a Senior Instructor at the SANS Institute.
Kelli: I am one of the principals at Enclave Security and AuditScripts and I am heavily involved with Government Risk Compliance work. Currently, I am investing lots of time updating security tools like policies and checklists in preparation for the upcoming European Union General Data Protection Regulation mandate.
CIS: What do you think is the best thing about the CIS Controls?
James: The best thing about the CIS Controls is their ability to provide clear, prioritized guidance to organizations regarding what actually works to stop cyber-attacks. Too many people feel hackers cannot be stopped, but that’s simply not true. Following simple guidance seen in the CIS Controls, organizations can make a difference and put a stop to most of the most common attacks seen against organizations today.
Kelli: The CIS Controls community has fascinating volunteers with years of experience in so many different private and public organizations. The cross section of expertise adds strength and credibility to the CIS Controls.