Tony Sager: Practicality Over Perfection and Simplifying Security Standards

About Tony Sager: Tony Sager is a renowned cybersecurity expert who has had a distinguished career in both the government and private sectors. He started his professional journey as a mathematical cryptographer and software vulnerability analyst at the National Security Agency (NSA), where he held various leadership positions and received multiple awards for his technical and mission excellence. After retiring from NSA, Sager became the Senior Vice President and Chief Evangelist for the Center for Internet Security (CIS), where he leads the development of the CIS Critical Security Controls and is an active volunteer in numerous community service activities. With a background in mathematics and computer science, Tony sees himself as a "community organizer" in the cybersecurity industry, working with talented individuals to keep the world safe.

In this episode, Aaron and Tony Sager discuss:

- Cybersecurity in the context of national security
- Taking into account the importance of cyber risks in business decision-making and resource allocation
- The role that the Center for Internet Security (CIS) plays among a myriad of cybersecurity frameworks
- The complexities and implications of building resilient systems
- How security and compliance go hand in hand

Key Takeaways:

- One of the best ways to help the economy defend itself from cyber threats is to help people make good security decisions when they don't have the expertise to do so.
- With so many cybersecurity frameworks out there, the security industry has a responsibility to make security standards simpler and more accessible. The CIS Controls aim to be very actionable and connect the dots across different frameworks.
- While a checklist mentality is not enough for security, compliance is vital for managing risk, and checklists can be an effective starting point to ensure basic coverage and capture past mistakes.
- It's important to strike a balance between preventing attacks and maintaining the system, without bankrupting the company by striving for a 100% success rate. Military generals understand that a decision doesn't need to be perfect to be effective, and this principle can apply to cybersecurity as well.

"Great people have gone on to take on some of the nation's and the economy's toughest challenges. I look around at that, and I go, ‘Wow, we could do this.’ I really believe, and I see the next generation, folks like you coming up, and I just go, man, if we can't make progress with all the great people, momentum, and opportunity in front of us, then that's on us." — Tony Sager

Connect with Tony Sager:

- Website: https://www.sagercyber.org/
- Email: tony@sagercyber.org
- LinkedIn: https://www.linkedin.com/in/tony-sager-56371043/

Connect with Aaron:

- LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about Industrial Defender:

- Website: https://www.industrialdefender.com/podcast
- LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/
- Twitter: https://twitter.com/iDefend_ICS
- YouTube: https://www.youtube.com/@industrialdefender7120

Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.
