Join us for in-depth talks, exclusive networking, and world-class training at Security Awareness Summit Dec 1-4!


To attend this webcast, login to your SANS Account or create your Account.

Critical Security Controls Survey

  • Tuesday, June 25, 2013 at 1:00 PM EDT (2013-06-25 17:00:00 UTC)
  • Tony Sager, Anil Nandigam, Kevin Skapinetz, John Bordwine, Ron Gula, John Pescatore


  • FireEye
  • Symantec
  • Tenable

You can now attend the webcast using your mobile device!



The Critical Security Controls (CSCs) are rapidly being adopted by companies and government agencies in the U.S., Canada and elsewhere to increase visibility into advanced threats, to shore up defenses, and ultimately for benchmarking and to improve risk posture.

As security managers become more familiar with the CSCs, theyre raising a number of urgent questions: What types of organizations are implementing what controls, and why? How integrated are these controls with overall operations and with risk management dashboards? And what new development, staffing and tool decisions will adopters have to make to address the control areas theyre focusing on?

In answer to these questions, this webcast examines the just-released results of a six-week survey on the CSCs conducted by the SANS Institute. These and other critical issues including adoption drivers,how to obtain leadership buy-in, and overcoming inhibitors to adoption will be explored during this webcast.

Register for this webcast and be one of the first to receive a SANS white paper on the CSCs, developed by John Pescatore with input from SANS director Tony Sager.

Survey Results:

Click here to view the associated whitepaper.

Take the SANS 2013 Critical Security Controls Survey

Speaker Bios

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013. He has 35 years experience in computer, network and information security. Prior to joining the SANS Institute, Mr. Pescatore was Gartnerís lead security analyst for 13 years, working with global 5000 corporations and major technology and service providers. Before joining Gartner, Mr. Pescatore was Senior Consultant for Entrust Technologies and Trusted Information Systems, where he started, grew and managed security consulting groups focusing on firewalls, network security, encryption and Public Key Infrastructures. Prior to that, Mr. Pescatore spent 11 years with GTE developing secure computing and telecommunications systems. Mr. Pescatore began his career at the National Security Agency, where he designed secure voice systems, and the United States Secret Service, where he developed secure communications and surveillance systems. He holds a Bachelor's degree in Electrical Engineering from the University of Connecticut and is a NSA Certified Cryptologic Engineer. He is also an Extra class amateur radio operator, callsign K3TN.

Ron Gula

Ron Gula is known in the global security community as a visionary, innovator, and extraordinary engineer. He started his career in information security at the National Security Agency conducting penetration tests of government networks and performing advanced vulnerability research. Since co-founding Tenable Network Security in 2002, Ron has been CEO and CTO at Tenable, maker of the world-renowned Nessusģ vulnerability scanner and Unified Security Monitoringô architecture. As CEO/CTO of Tenable, he is responsible for product strategy, research and development, and product design and development. Ron is also a leader in his community and a passionate advocate for education and scientific research. Prior to Tenable, Ron was the original author of the Dragon IDS and CTO of Network Security Wizards, which was acquired by Enterasys Networks. At Enterasys, Ron was Vice President of IDS Products and worked with many top financial, government, security service providers, and commercial companies to help deploy and monitor large IDS installations. He was also the Director of Risk Mitigation for US Internetworking and was responsible for intrusion detection and vulnerability detection for one of the first application service providers. Ron also worked for BBN and GTE Internetworking where he conducted security assessments as a consultant, helped to develop one of the first commercial network honeypots, and helped develop security policies for large carrier-class networks. Ron was the recipient of the 2004 Techno Security Conference "Industry Professional of the Year" award. In SC Magazine's 20th Anniversary Edition, Ron was named as one of the top market entrepreneurs for the past 20 years.

John Bordwine

With over two decades of experience in the security industry, John Bordwine is widely recognized as an expert in his field. John is currently the Public Sector Chief Technology Officer at Symantec. As the Symantec Public Sector CTO, John currently serves as a trusted advisor, providing guidance on the development of products and solutions that meet government requirements and certifications specifically focused on the Public Sector markets. Johnís responsibilities also include all technical and strategic activities related to Public Sector customers, which includes federal, state, and local government agencies, and education industries. John is an active member of various government working groups and has participated with developing several government IT security requirements. John has spoken at numerous highly-acclaimed security events, including SANS Institute events, FOSE, AFITC, RSA and US Government agency-specific functions. John holds a Top Secret clearance and served in the US Army Signal Corps where his last assignment was with the White House Communications Agency.

Kevin Skapinetz

Kevin Skapinetz is the Program Director for Product and Security Strategy at IBM. As part of the Security Systems division, he's responsible for defining and executing the strategic direction for IBMís portfolio of products and services to protect customers from todayís rapidly changing cyber threats. Kevin also leads Product Management for IBM X-Force - a world renowned security research organization focused on collecting, understanding and documenting global threats and security challenges. During his tenure at IBM and Internet Security Systems (acquired by IBM in 2006), Kevin has held multiple leadership positions in product management, engineering and support. He played a central role in the Office of the CTO as a technology strategist, where he guided the company's roadmap for securing emerging technologies, including virtualization and cloud computing. He also spent several years as the lead software engineer for RealSecure Server Sensor, a multi-platform host intrusion prevention system. Kevin holds a computer science degree from Tulane University and a master's degree in information security from the Georgia Institute of Technology.

Anil Nandigam

Anil Nandigam is Senior Director of Product Marketing at NSS labs. Anil has over 16 years of experience driving products and go-to-market strategy in the computer networking and security industry. Prior to joining NSS Labs, Anil held various senior roles in product management and product marketing at NSFOCUS, Bay Dynamics, FireEye, and Cisco Systems. Anil is a frequent guest speaker at various security conferences like CERT, and has been a contributing member to the SANS Institutesí webinars and publications. Anil has a Masterís Degree in Computer Science (MS) from the University of Houston and Masters in Business Administration (MBA) from Santa Clara University.

Tony Sager

Tony Sager served as the chief of every major element of the cyberdefense mission at the National Security Agency (NSA), finishing his 34-year career there as director of the Vulnerability Analysis and Operations group and chief operating officer of the IAD (Information Assurance division) of NSA. All 700 of the top cyberdefenders and vulnerability analysts at NSA worked for Tony. He was the person inside government most responsible for the initiation of the Critical Controls and for ensuring they reflected and dealt effectively with the active threat. Tony came to SANS to lead the global effort to ensure all new threats are appropriately reflected in the Critical Controls are kept current so their adopters can be assured that they are dealing as effectively as possible with the current threat environment. Tony is also working to on building a global career development and pathways program to map and enhance career growth opportunities for cybersecurity professionals and for companies trying to ensure they have the talent they need.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.