Join us for the FREE DFIR Summit | Live Online on July 16-17


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Are You in Control? Managing the CIS Critical Security Controls within your Enterprise

  • Thursday, January 25, 2018 at 1:00 PM EST (2018-01-25 18:00:00 UTC)
  • Matt Bromiley, Andrew Kozloski


  • Hitachi Systems Security

You can now attend the webcast using your mobile device!



The Center for Internet Security (CIS) Critical Security Controls present 20 most effective actions an organization can take to protect its data, employees and customers. The controls include a wide-range of security issues that every information security leader should implement, monitor and track in order to effectively measure and manage risk. However, those that have tried to implement controls standards whether they are within the NIST, ISO, or CIS frameworks understand the immense challenges.

The implementation of security controls requires a comprehensive strategy and an investment of time, resources, and money. Security leaders need to ensure that they are able to effectively analyze their investments and that controls are in fact reducing risk. Countless organizations continue to invest haphazardly in their security programs and in particular in control implementation with little or no effect on their overall security posture.

In this presentation, Matt will provide:

  •    An overview of the CIS Critical Security Controls
  •    An in-depth examination of some of the most critical controls
  •    Real world case studies of actual breaches where controls were not in place, and how this impacted the organization
  •    Best practice insight into how organizations can manage and track the implementation of security controls

Speaker Bios

Matt Bromiley

Matt Bromiley is a SANS digital forensics and incident response (IR) instructor, teaching FOR508 Advanced Incident Response, Threat Hunting, and Digital Forensics and SANS FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response. He is also an IR consultant at a global IR and forensic analysis company, combining experience in digital forensics, log analytics, and incident response and management. His skills include disk, database, memory and network forensics; incident management; threat intelligence and network security monitoring. Matt has worked with organizations of all shapes and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.

Andrew Kozloski

As Security Evangelist, Andrew Kozloski is responsible for providing education about today’s increasingly complex security landscape, all while fostering a dialogue about effective strategies for improved protection against cybercrime. With over 10 years of experience in the IT industry, Andrew has worked with companies ranging from startups to Fortune 500 companies on a wide array of security initiatives. This includes collaborations on projects such as vulnerability management, security policy and process development, ethical hacking and security product development. Above all, Andrew considers himself to be a passionate public advocate for the work of the many security experts who surround him at HSS.

Prior to his current position as Security Evangelist, Andrew acted as Hitachi Systems Security’s Product Manager, was Information Security Analyst for SecureOps and developed security programs and policies on behalf of the mobile operator company T-Mobile.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.