2019 National Cyber Summit

Summit Speaker Jonathan Risto

Session Information

Critical Security Controls: Planning, Implementing, and Auditing
Monday, June 3, 2019 9:00 a.m. - 4:00 p.m.
This course helps you master specific, proven techniques and tools needed to implement and audit the Critical Security Controls as documented by the Center for Internet Security (CIS). These Critical Security Controls, listed below, are rapidly becoming accepted as the highest priority list of what must be done and proven before anything else at nearly all serious and sensitive organizations. These controls were selected and defined by the US military and other government and private organizations (including NSA, DHS, GAO, and many others) who are the most respected experts on how attacks actually work and what can be done to stop them. They defined these controls as their consensus for the best way to block the known attacks and the best way to help find and mitigate damage from the attacks that get through. For security professionals, the course enables you to see how to put the controls in place in your existing network though effective and widespread use of cost-effective automation. For auditors, CIOs, and risk officers, the course is the best way to understand how you will measure whether the controls are effectively implemented. SEC440 does not contain any labs. If the student is looking for hands on labs involving the Critical Controls, they should take SEC566.

The Critical Security Controls are listed below. You will find the full document describing the Critical Security Controls posted at the Center for Internet Security.

One of the best features of the course is that it uses offense to inform defense. In other words, you will learn about the actual attacks that you'll be stopping or mitigating. That makes the defenses very real, and it makes you a better security professional.
Jonathan Risto photo
Jonathan Risto
Jonathan is a SANS Instructor teaching a wide variety of SANS classes including SEC440, SEC504, SEC560, SEC566, and SEC580. He is also the co-author of the SANS MGT516: Managing Security Vulnerabilities: Enterprise and Cloud.

With a career spanning over 20 years that has included working in network design, IP telephony, service development, security and project management, he has a deep technical background that provides a wealth of information he draws upon when teaching. His leadership of direct reports and matrix teams in industries including telecom, government and charity environments. When not teaching for SANS, he primarily works for the Canadian Government performing cybersecurity research work, in the areas of vulnerability management and automated remediation. He also performs consulting work.

He holds a bachelors degree in Electrical Engineering and is a licensed Professional Engineer (P.Eng.). He also holds a Master's Degree in Information Security Management from STI. In his spare time, he sits on the board of directors for charities and his 3 daughters keep him very busy. When possible, he enjoys the outdoors, astronomy, and photography.


Meet Our NCS 2019 Speakers

Jocquette Blue Photo Jocquette Blue Senior Cybersecurity Analyst H2L Solutions
Paige Boshell Photo Paige Boshell Managing Member Privacy Counsel LLC
Wayne Burke Photo Wayne Burke Vice President and Co-Founder Cyber2 Labs, LLC
Paul Coggin Photo Paul Coggin Cyber Security Research Scientist Financial Institution
Brian Contos Photo Brian Contos CISO Verodin
Randall Cottrell Photo Randall Cottrell Chief Executive Officer Bluejireh Incorporated
Joshua Crumbaugh Photo Joshua Crumbaugh Chief Hacker/Chief Operating Officer PeopleSec® LLC
Ben Curry Photo Ben Curry Chief Architect, Managing Partner Summit 7 Systems
Robert Decicco Photo Robert Decicco MD Digital Intelligence
Byron DeLoach Photo Byron DeLoach Director of Adaptive Services Cybriant
Nicholas Downer Photo Nicholas Downer Systems Security Engineer/Instructor Millennium
Major Bradley Eames Photo Major Bradley Eames 47CTS OL-A Deputy Commander 47 Cyberspace Test Squadron
Rita Edwards Photo Rita Edwards Featured Cyber Security Instructor CyberProtex
Mr. Scott Edwards Photo Mr. Scott Edwards President Summit 7 Systems
Shawn Edwards Photo Shawn Edwards Cyber Adversarial Engineer The MITRE Corporation
Irene Garcia-Goan Photo Irene Garcia-Goan Sr. Cybersecurity Analyst H2L Solutions
Travis Green Photo Travis Green
Jonathan Hard Photo Jonathan Hard Chief Operating Office and President H2L Solutions
Matt Henson Photo Matt Henson CEO Trade Collaboration Engine
Sean Hopkins Photo Sean Hopkins Red Team Security Engineer Millennium Corporation
Dr. DJ Hovermale Photo Dr. DJ Hovermale Senior Cyber Operations Training Analyst, Principal SAIC
Dr. Michaela Iorga Photo Dr. Michaela Iorga Senior Security Technical Lead NIST
Ray Kelly Photo Ray Kelly Security Architect Micro Focus
Ben McGee Photo Ben McGee CyberProtex Featured Cyber Security Instructor
Dr. Wesley McGrew Photo Dr. Wesley McGrew Director of Cyber Operations HORNE Cyber
Charlene Mowery CISM, PE Photo Charlene Mowery CISM, PE Vice President of Global Business and Marketing, Cybersecurity SME Ultra Electronics, 3eTI
Ms. Sonia Mundra Photo Ms. Sonia Mundra President Chenega Analytic Business Solutions, LLC (CABS)
Michael Portera Photo Michael Portera Red Team Security Engineer Millennium Corporation
Jonathan Risto Photo Jonathan Risto
Robert Rounsavall Photo Robert Rounsavall Co Founder Trapezoid, Inc.
Kell Rozman Photo Kell Rozman Security Software Engineering Senior Manager Toyota Motor North America
Antonio (Tony) Rucci Photo Antonio (Tony) Rucci Director, InfoSec & Threat Intelligence GRIDSMART Technologies
Mr. Brian Ruf CISSP, PMP Photo Mr. Brian Ruf CISSP, PMP FedRAMP PMO SME FedRAMP/GSA
Greg Schaffer Photo Greg Schaffer Principal vCISO Services, LLC
Jake Schneider Photo Jake Schneider Director of Cyber Technologies GaN Corporation
Winn Schwartau Photo Winn Schwartau Chief Visionary Officer Winn Schwartau LLC
Jeffrey Shapiro Photo Jeffrey Shapiro Senior Cyber Operations Training Analyst, Principal SAIC
Dr. Joshua Stroschein Photo Dr. Joshua Stroschein Training and Academic Outreach Open Information Security Foundation
Trevor Vaughan Photo Trevor Vaughan Vice President Engineering Onyx Point, Inc.
Dr. Brad Wardman Photo Dr. Brad Wardman Head of Threat Intelligence PayPal
Mark Whigham Photo Mark Whigham Instructor Calhoun Community College
Mr. Wes Widner III Photo Mr. Wes Widner III Senior Cloud Engineer CrowdStrike
Shirley Zhao Photo Shirley Zhao Principal Program Manager, Product Security Compliance and Governance Blackberry

View AgendaView Speaker Listing


Attend NCS 2019 to meet and hear speakers like this!

Register Now