
This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Sorry, the slides for this webcast are not available for download.

The Critical Security Controls: From Adoption to Implementation (A SANS Survey)

  • Tuesday, September 09, 2014 at 1:00 PM EDT (2014-09-09 17:00:00 UTC)
  • Katherine Brocklehurst, Wolfgang Kandek, Tony Sager (moderator), James Tarala, Brian Mehlman, Barbara G. Kay


  • EiQnetworks
  • McAfee LLC
  • Qualys
  • Tripwire, Inc.




Awareness of the Critical Security Controls (CSCs) is high across many vertical industries, according to the first SANS Critical Security Controls Survey, which was published in June 2013. In it, 73% of 699 respondents from government (20%), financial (17%), health care, high tech and education (5% each) verticals said they are familiar with and/or adopting the Critical Security Controls. They also had problems with prioritization, integration, and achieving the full visibility that they need to protect and defend their networks.

Now, SANS is conducting its second survey on the CSCs, which focuses on learning about the advances CSC adopters have made and the difficulties they have encountered in adopting the controls. In this webcast, we will identify what verticals are adopting the controls and help the community learn how to prioritize and adopt these controls.

Join this webcast, featuring SANS CSC course author and instructor James Tarala and Tony Sager, SANS Director and Director of the Consortium for Cybersecurity Action, to learn full results of the survey and the current state of CSC adoption. We will celebrate the wins and explore the barriers to adoption, including:

  • How participants have implemented the CSCs
  • Who in their organizations champions adoption
  • How they demonstrate progress in implementation
  • What improvements in security posture they have documented as a result of implementing the CSCs
  • What participants have put on their wish lists for improving their experiences in adopting CSCs

View the Associated Whitepaper

Speaker Bios

Barbara G. Kay

Barbara G. Kay, CISSP, is Senior Director of Security Product Marketing at ExtraHop. She focuses on the needs and opportunities for reinventing security operations and the Reveal(x) product line. Prior to ExtraHop, she led security operations market research and product marketing for McAfee and was responsible for the threat intelligence and analytics solutions, as well as the security information and event management (SIEM) Platform. She has also served as Director of Security and Privacy Marketing for Sun Microsystems. She is a frequent contributor to online publications and blogs and holds a BA from Dartmouth College.

Brian Mehlman

Brian Mehlman has over 20 years' experience working in senior technical, product marketing and management positions with innovative and industry leading software companies. Prior to EiQ Networks, Brian helped deliver solutions in the areas of Network, Systems, Storage and Security management for Q1 Labs, Network Appliance, 3COM Corporation, Fidelity Investments and Hewlett Packard. Brian played an integral role in two successful acquisitions: Metrix Network Systems by Hewlett Packard and Webmanage Technologies by Network Appliance.

James Tarala

James Tarala is a principal consultant with Enclave Hosting, LLC and is based out of Venice, FL. He is a regular speaker and senior instructor with the SANS Institute as well as a courseware author and editor for many of their auditing and security courses. As a consultant, he has spent the past few years designing large enterprise IT security and infrastructure architectures, specifically working with many Microsoft-based directory services, e-mail, terminal services, and wireless technologies. He has also spent a large amount of time consulting with organizations to assist them with their security management, operational practices, and regulatory compliance issues, and he oftentimes performs independent security audits and assists internal audit groups in developing their internal audit programs. James completed his undergraduate studies at Philadelphia Biblical University, his graduate work at the University of Maryland, and holds numerous professional certifications.

Tony Sager (moderator)

Tony Sager is the Chief Technologist and a founding member of the Council on CyberSecurity - an independent, international, non-profit organization whose mission is to identify, validate and sustain best practices in cybersecurity by people, in the application of technology, and in the use of policy. He leads the development of the Top 20 Critical Security Controls, a world-wide volunteer consensus activity to find and support technical practices that stop the vast majority of attacks seen today. Tony also serves as the Director of the SANS Innovation Center, a subsidiary of The SANS Institute. Tony retired from the National Security Agency in June 2012 after 34 years as an Information Assurance professional. His last job was Chief Operating Officer of the Information Assurance Directorate. Before that he created and led the Vulnerability Analysis and Operations Group (VAO), which was responsible for some of NSA's most important advancements in cyber

Wolfgang Kandek

Wolfgang Kandek, CTO of Qualys, is responsible for product direction and all operational aspects of the Qualys Cloud Platform and its infrastructure. Wolfgang has over 20 years of experience in developing and managing information systems. His focus has been on Unix-based server architectures and application delivery through the Internet. Before joining Qualys, Wolfgang was director of network operations at the online music streaming company and at iSyndicate, an Internet media syndication company. Earlier in his career, Wolfgang held a variety of technical positions at EDS, MCI and IBM. Wolfgang earned master's and bachelor's degrees in computer science from the Technical University of Darmstadt, Germany. Wolfgang is a frequent speaker at security events and forums including Black Hat, RSA Conference, InfoSecurity UK and The Open Group. Wolfgang is the main contributor to the Laws of Vulnerabilities blog.

Katherine Brocklehurst

Katherine Brocklehurst has been involved in product management and product marketing in network security for over 15 years. Working with network security technologies ranging from protocols to core encryption to intrusion detection/prevention to XML firewalls for web apps, she's touched every layer in the ISO model. Katherine is now focusing on security metrics, analytics and connecting IT security to business initiatives. It is now a fundamental job requirement that CISOs and their teams be able to better manage and communicate their efforts in support of business initiatives, and Katherine works on this every day as senior product marketing manager at Tripwire.
