Governance, Regulation & Compliance

3312 - Adopting Security Automation Standards: Lower TCO with Increased Situational Awareness

Wednesday, October 10
1:45 PM - 2:45 PM
Location: Floor 2: Galerie 5

Communications security, computer security, information security, information assurance, information operations, cybersecurity. Through a career at the National Security Agency, and now with the non-profit Center for Internet Security, the presenter has spent 35-plus years in the business of finding, making sense of, and managing vulnerabilities in devices, systems and operations.

Through the lens of his career, he will share observations on how the boundary between work and home use continues to blur as an army of network-enabled, throwaway devices has mounted its invasion. Attacks tools are automated, innovative and easy to use. It’s time for defense to learn from offense.

We need security to be implemented out of the box with support by all vendors of a set of standards that can automatically populate a dashboard of situational awareness. Security automations standards such as the ones being worked on in the Security Automation and Continuous Monitoring (SACM) group of the IETF will help amortize the costs of tracking what software is running on our systems and whether it is up to date. The resiliency of our systems will increase and the noise floor of what is normal business will be lowered so that budget and talent can be channeled into detecting and preventing attacks as they happen.


Learning Objectives:

Curtis Dukes, MS Computer Science

Executive VP & GM, Security Best Practices & Automation
Center for Internet Security

Curt Dukes joined CIS as the executive vice president and general manager of the Best Practices & Automation Group in January 2017. The CIS Security Benchmarks and Security Controls program provides vendor-agnostic, consensus-based best practices to help organizations assess and improve their cyber security posture. Prior to CIS, Curt served as a defense intelligence senior executive with NSA for 33 years. His last position at NSA was that of Information Assurance Director. The Information Assurance Directorate is charged with securing systems that handle classified information or are otherwise critical to military and intelligence activities. Curt has undergraduate and graduate degrees in computer science, and is a graduate of the Intelligence Community Officer program.


Send Email for Curtis Dukes


3312 - Adopting Security Automation Standards: Lower TCO with Increased Situational Awareness



Presentation Slides



Handouts1 Handouts2



Attendees who have favorited this

Please enter your access key

The asset you are trying to access is locked. Please enter your access key to unlock.

Send Email for Adopting Security Automation Standards: Lower TCO with Increased Situational Awareness