This month we’re sharing an interview with CIS Controls volunteer Rick Doten
CIS values all of the volunteers who work hard to make sure the CIS Benchmarks and CIS Controls reflect a global knowledge base of the latest known cyber threats from IT professionals. This consensus process ensures CIS remains the objective, referenced standard for cybersecurity resources in industry, government, and academia.
CIS: When did you become a member of the CIS Controls Volunteer Community?
Rick: In 2014 I started a blog series discussing how to apply the CIS Controls to Mobile Security devices. I have been collaborating with people working on the earlier versions of the CIS Controls since 2010.
CIS: Tell us what you have done for the CIS Controls, including what you are working on now.
Rick: After creating the CIS Controls blog series, I contributed a lot to the CIS Controls V6. My next job was as serving as the lead writer for the Privacy Implications Guide for the CIS Controls V6, which teaches how to identify opportunities to integrate privacy considerations into data security controls. I was also the lead writer for the Mobile Security Companion to the CIS Controls, which, as the name implies, provides guidance for applying the CIS Controls to mobile devices.
I contributed to the Internet of Things (IoT) Security Companion to the CIS Controls and Privacy Impact Companion. I was also a panelist on CIS’ Privacy Panel for the New America Webcast held in Washington, DC last year.
CIS: What and where is your present job?
Rick: I am the Chief, Cyber and Information Security for Crumpton Group LLC in Arlington, Virginia. I run the cybersecurity team where we provide strategic guidance for large company CISOs and sometimes act as surrogate CISOs for companies who want to create or improve an IT risk management program.
CIS: What do you think is the best thing about the CIS Controls?
Rick: The diversity of the people involved; the volunteers represent almost all industries, and come from around the world. I also like that the CIS Controls are objective and not tied to a specific model, be it national government, a security vendor, or regulatory body. The CIS Controls are a universal tool for small to large organizations. Plus, we are always looking to expand and grow our guidance into different areas of support, such as IoT or Risk Management, to better support the industry.