The PrOTect OT Cybersecurity Podcast

Tony Sager: Practicality Over Perfection and Simplifying Security Standards


About Tony Sager: Tony Sager is a renowned cybersecurity expert who has a distinguished career in both the government and private sectors. He started his professional journey as a mathematical cryptographer and software vulnerability analyst at the National Security Agency (NSA) where he held various leadership positions and received multiple awards for his technical and mission excellence. After retiring from NSA, Sager became the Senior Vice President and Chief Evangelist for the Center for Internet Security (CIS) where he leads the development of the CIS Critical Security Controls and is an active volunteer in numerous community service activities. With a background in mathematics and computer science, Tony sees himself as a "community organizer" in the cybersecurity industry, working with talented individuals to keep the world safe.


In this episode, Aaron and Tony Sager discuss:

  • Cybersecurity in the context of national security
  • Taking into account the importance of cyber risks in business decision-making and resource allocation
  • The role that the Center for Internet Security (CIS) plays among the myriad cybersecurity frameworks
  • The complexities and implications of building resilient systems
  • How security and compliance go hand in hand


Key Takeaways:

  • One of the best ways to help the economy defend itself from cyber threats is to help people make good security decisions when they don't have the expertise to do so.
  • With so many cybersecurity frameworks out there, the security industry has a responsibility to make security standards simpler and more accessible. The CIS Controls aim to be very actionable and to connect the dots across different frameworks.
  • While a checklist mentality is not enough for security, compliance is vital for managing risk, and checklists can be an effective starting point to ensure basic coverage and capture past mistakes.
  • It's important to strike a balance between preventing attacks and maintaining the system, without bankrupting the company by striving for a 100% success rate. Military generals understand that a decision doesn't need to be perfect to be effective, and this principle can apply to cybersecurity as well. 


"Great people have gone on to take on some of the nation's and the economy's toughest challenges. I look around at that, and I go, ‘Wow, we could do this.’ I really believe, and I see the next generation, folks like you coming up, and I just go, man, if we can't make progress with all the great people, momentum, and opportunity in front of us, then that's on us." — Tony Sager



Connect with Tony Sager: 

Website: https://www.sagercyber.org/

LinkedIn: https://www.linkedin.com/in/tony-sager-56371043/


Connect with Aaron:

LinkedIn: https://www.linkedin.com/in/aaronccrow


Learn more about Industrial Defender:

Website: https://www.industrialdefender.com/podcast 

LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/

Twitter: https://twitter.com/iDefend_ICS

YouTube: https://www.youtube.com/@industrialdefender7120



Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.


The PrOTect OT Cybersecurity Podcast, by Aaron Crow
