2020 National Cyber Summit

Summit Speaker Jonathan Risto

Session Information

Critical Security Controls: Planning, Implementing, and Auditing
Monday, June 3, 2019 9:00 a.m. - 4:00 p.m.
This course helps you master specific, proven techniques and tools needed to implement and audit the Critical Security Controls as documented by the Center for Internet Security (CIS). These Critical Security Controls, listed below, are rapidly becoming accepted as the highest priority list of what must be done and proven before anything else at nearly all serious and sensitive organizations. These controls were selected and defined by the US military and other government and private organizations (including NSA, DHS, GAO, and many others) who are the most respected experts on how attacks actually work and what can be done to stop them. They defined these controls as their consensus for the best way to block the known attacks and the best way to help find and mitigate damage from the attacks that get through. For security professionals, the course enables you to see how to put the controls in place in your existing network though effective and widespread use of cost-effective automation. For auditors, CIOs, and risk officers, the course is the best way to understand how you will measure whether the controls are effectively implemented. SEC440 does not contain any labs. If the student is looking for hands on labs involving the Critical Controls, they should take SEC566.

The Critical Security Controls are listed below. You will find the full document describing the Critical Security Controls posted at the Center for Internet Security.

One of the best features of the course is that it uses offense to inform defense. In other words, you will learn about the actual attacks that you'll be stopping or mitigating. That makes the defenses very real, and it makes you a better security professional.
Embassy Suites - Monte Santo Boardroom
Jonathan Risto photo
Jonathan Risto
Jonathan is a SANS Instructor teaching a wide variety of SANS classes including SEC440, SEC504, SEC560, SEC566, and SEC580. He is also the co-author of the SANS MGT516: Managing Security Vulnerabilities: Enterprise and Cloud.

With a career spanning over 20 years that has included working in network design, IP telephony, service development, security and project management, he has a deep technical background that provides a wealth of information he draws upon when teaching. His leadership of direct reports and matrix teams in industries including telecom, government and charity environments. When not teaching for SANS, he primarily works for the Canadian Government performing cybersecurity research work, in the areas of vulnerability management and automated remediation. He also performs consulting work.

He holds a bachelors degree in Electrical Engineering and is a licensed Professional Engineer (P.Eng.). He also holds a Master's Degree in Information Security Management from STI. In his spare time, he sits on the board of directors for charities and his 3 daughters keep him very busy. When possible, he enjoys the outdoors, astronomy, and photography.