Each week on “Tech Talk USA,” our host Jeff Hootselle sits down with experts in the information technology world. This week, Jeff spoke to Kathleen Moriarty from the Center for Internet Security.
The Center for Internet Security (CIS) is a 501(c)(3) nonprofit organization, formed in October, 2000. Its mission is to “identify, develop, validate, promote, and sustain best practice solutions for cyber defense and build and lead communities to enable an environment of trust in cyberspace.
To learn more, visit https://www.cisecurity.org.
Short company description: The Center for Internet Security (CIS) is a 501(c)(3) nonprofit organization, formed in October, 2000. Its mission is to “identify, develop, validate, promote, and sustain best practice solutions for cyber defense and build and lead communities to enable an environment of trust in cyberspace.
What is your competitive differentiator?: The Center for Internet Security’s mission includes making security possible for businesses of all sizes, which is also a passion of mine and many others at CIS. CIS’s work to improve security for State, Local, Tribal, and Territorial (SLTT) networks opens up the opportunity with work with vendors, building in security aligned to the CIS Controls and CIS Benchmarks. We’re at a pivotal time where built-in security is becoming essential and vendors are looking to ensure customers trust their products and services. As such, our differentiator is trust in our controls and benchmarks that provide assurance that systems and applications are as expected. If there’s a variance from expected controls or benchmarks, this enables detection capabilities against this allow-list for policy and measurement values.
How did you get started in the technology field?: I need to credit a professor from my undergraduate school, Prof. Matthews. He nudged me several times to take computer courses along with my Mathematics curriculum and I eventually began to enjoy them. Next was a mentor from an internship at the Watervliet Arsenal. He encouraged me to take a job at PSINet, the first commercial service provider, while I worked on my Masters degree. It was the diverse experience set gained at PSINet that really gave me a solid background in networking, system administration, and security.
What do you consider to be the biggest challenge when bridging the gap between IT and the overall business for most companies?: Architectural patterns that do not scale, resulting in the need for add on products instead of built-in security along with the additional resources to manage these products. I do see a way forward as described in, “Transforming Information Security: Optimizing Five Concurrent Trends to Reduce Resource Drain”. Emerald Publishing Ltd. 2020.
What is the best or most worthwhile technology investment that you have made in the past 10 years?: Having been on the research and development side for the last 10 years, influencing how we create architectural patterns that scale has been the most important time investment. This involves working with engineers through standards and internal development, teaching, and publishing blogs and a book.
What are the areas of technology that you see as being the most impactful to the business world in the next 5 years?: Security and IT management should become more of a supporting function that just works and requires fewer resources to manage. Some of this will be due to the increased use of service providers as security is bolstered and some due to changes in the architectural patterns for deploying and managing both IT and security.