Critical Security Controls Survey

  • Tuesday, June 25 at 1:00 PM EDT
  • John Pescatore and Anil Nandigam


  • FireEye
  • Symantec
  • Tenable Network Security


The Critical Security Controls (CSCs) are rapidly being adopted by companies and government agencies in the U.S., Canada and elsewhere to increase visibility into advanced threats, to shore up defenses, and ultimately to support benchmarking and improve risk posture.

As security managers become more familiar with the CSCs, they're raising a number of urgent questions: What types of organizations are implementing what controls, and why? How integrated are these controls with overall operations and with risk management dashboards? And what new development, staffing and tool decisions will adopters have to make to address the control areas they're focusing on?

In answer to these questions, this webcast examines the just-released results of a six-week survey on the CSCs conducted by the SANS Institute. These and other critical issues, including adoption drivers, how to obtain leadership buy-in, and how to overcome inhibitors to adoption, will be explored during this webcast.

Register for this webcast and be one of the first to receive a SANS white paper on the CSCs, developed by John Pescatore with input from SANS director Tony Sager.

Survey Results:

Click here to view the associated whitepaper.

Take the SANS 2013 Critical Security Controls Survey https://www.surveymonkey.com/s/Critical_Controls

Speaker Bios

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013. He has 35 years of experience in computer, network and information security. Prior to joining the SANS Institute, Mr. Pescatore was Gartner’s lead security analyst for 13 years, working with global 5000 corporations and major technology and service providers. Before joining Gartner, Mr. Pescatore was Senior Consultant for Entrust Technologies and Trusted Information Systems, where he started, grew and managed security consulting groups focusing on firewalls, network security, encryption and Public Key Infrastructures. Prior to that, Mr. Pescatore spent 11 years with GTE developing secure computing and telecommunications systems. Mr. Pescatore began his career at the National Security Agency, where he designed secure voice systems, and the United States Secret Service, where he developed secure communications and surveillance systems. He holds a Bachelor's degree in Electrical Engineering from the University of Connecticut and is an NSA Certified Cryptologic Engineer. He is also an Extra class amateur radio operator, callsign K3TN.

Ron Gula

Ron Gula is known in the global security community as a visionary, innovator, and extraordinary engineer. He started his career in information security at the National Security Agency conducting penetration tests of government networks and performing advanced vulnerability research. Since co-founding Tenable Network Security in 2002, Ron has been CEO and CTO at Tenable, maker of the world-renowned Nessus® vulnerability scanner and Unified Security Monitoring™ architecture. As CEO/CTO of Tenable, he is responsible for product strategy, research and development, and product design and development. Ron is also a leader in his community and a passionate advocate for education and scientific research. Prior to Tenable, Ron was the original author of the Dragon IDS and CTO of Network Security Wizards, which was acquired by Enterasys Networks. At Enterasys, Ron was Vice President of IDS Products and worked with many top financial, government, security service providers, and commercial companies to help deploy and monitor large IDS installations. He was also the Director of Risk Mitigation for US Internetworking and was responsible for intrusion detection and vulnerability detection for one of the first application service providers. Ron also worked for BBN and GTE Internetworking where he conducted security assessments as a consultant, helped to develop one of the first commercial network honeypots, and helped develop security policies for large carrier-class networks. Ron was the recipient of the 2004 Techno Security Conference "Industry Professional of the Year" award. In SC Magazine's 20th Anniversary Edition, Ron was named as one of the top market entrepreneurs for the past 20 years.

John Bordwine

With over two decades of experience in the security industry, John Bordwine is widely recognized as an expert in his field. John is currently the Public Sector Chief Technology Officer at Symantec. As the Symantec Public Sector CTO, John currently serves as a trusted advisor, providing guidance on the development of products and solutions that meet government requirements and certifications specifically focused on the Public Sector markets. John’s responsibilities also include all technical and strategic activities related to Public Sector customers, which includes federal, state, and local government agencies, and education industries. John is an active member of various government working groups and has participated with developing several government IT security requirements. John has spoken at numerous highly-acclaimed security events, including SANS Institute events, FOSE, AFITC, RSA and US Government agency-specific functions. John holds a Top Secret clearance and served in the US Army Signal Corps where his last assignment was with the White House Communications Agency.

Kevin Skapinetz

Kevin Skapinetz is the Program Director for Product and Security Strategy at IBM. As part of the Security Systems division, he's responsible for defining and executing the strategic direction for IBM’s portfolio of products and services to protect customers from today’s rapidly changing cyber threats. Kevin also leads Product Management for IBM X-Force - a world-renowned security research organization focused on collecting, understanding and documenting global threats and security challenges. During his tenure at IBM and Internet Security Systems (acquired by IBM in 2006), Kevin has held multiple leadership positions in product management, engineering and support. He played a central role in the Office of the CTO as a technology strategist, where he guided the company's roadmap for securing emerging technologies, including virtualization and cloud computing. He also spent several years as the lead software engineer for RealSecure Server Sensor, a multi-platform host intrusion prevention system. Kevin holds a computer science degree from Tulane University and a master's degree in information security from the Georgia Institute of Technology.

Anil Nandigam

As Senior Staff Product Marketing Manager at FireEye, Anil is responsible for aligning FireEye’s product communications with the evolving security needs of global organizations. Anil has over 12 years of experience in the computer networking industry. Prior to FireEye, Anil was a Senior Product Manager at Cisco, responsible for driving Product strategy and GTM activities for security and access routing solutions. Anil holds an MS degree in Computer Science from the University of Houston and an MBA from Santa Clara University.

Tony Sager

Tony Sager retired from the National Security Agency in June 2012 after 35 years in the Information Assurance mission. He had technical assignments as a mathematical cryptographer, software developer, and software vulnerability analyst. As executive manager, Tony led the Systems and Network Attack Center and the Vulnerability Analysis and Operations Group - two organizations responsible for some of NSA’s most important advancements in cyber defense, and national leaders in open security standards, guidance, automation, and best practices. He concluded his career as the Chief Operating Officer of the Information Assurance Directorate. Tony is currently with the SANS Institute leading special projects, including the Top 20 Critical Security Controls.
