In Episode 168 of Cybersecurity Where You Are, Tony Sager sits down with Tony Rutkowski, one of the CIS Critical Security Controls® (CIS Controls®) Ambassadors of the Center for Internet Security® (CIS®). Together, they discuss what Tony Rutkowski has learned in his efforts to institutionalize good cybersecurity ideas like the CIS Controls.

Here are some highlights from our episode:

• 01:48. Introductions to Tony Rutkowski and his career in technology
• 06:06. The evolution of the CIS Controls and how Tony Rutkowski came to advocate for them
• 12:50. The "Fog of More" as a metaphor to focus attention, not create new solutions
• 17:50. How institutionalizing good cybersecurity ideas is like conducting an orchestra
• 21:44. The use of timing and the right security content to help people clarify their intentions
• 24:25. The value of industry mappings in reducing duplicate implementation efforts
• 26:41. Secure by design: a 2025 example of creating a new formal global technical standard

Resources

• Episode 160: Championing SME Security with the CIS Controls
• Episode 167: Volunteers as a Critical Cybersecurity Resource
• Reasonable Cybersecurity Guide
• Cybersecurity at Scale: Piercing the Fog of More
• Mapping and Compliance with the CIS Controls
• Secure by Design: A Guide to Assessing Software Security Practices
• Episode 164: Secure by Design in Software Development
• CIS Critical Security Controls Implementation Groups

If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].