CIS CISO Sean Atkinson on Risk Management, Privacy Controls and Compliance
As COVID-19 made remote work more prevalent, managing identity through both network and remote capabilities became a challenge for organizations. Zero trust is a big initiative for the Center for Internet Security, CIS, but applying zero trust principles to its infrastructure has not been easy, said Sean Atkinson, CISO at CIS. “You are never done with zero trust implementation,” he said.
Zero trust implementation is not a “set and done” approach, Atkinson said. Practical implementation and organizationwide adoption of zero trust are crucial, as is undergoing a maturity cycle to ensure organizations have the right tools and appropriate security controls for implementing identity throughout their organization.
“There are lessons learned and there are lessons identified. One of the things CIS is doing is managing identity through the network,” he said. “Our envisionment of infrastructure is no longer within the four walls. COVID-19 has set a remote capability, so we’ve now got to manage that underlying infrastructure as an approach to integrate security.”
In this video interview with Information Security Media Group at RSA Conference 2023, Atkinson also discusses:
- The three most common data breach risks organizations are facing;
- The challenges for security organizations in defending against threats;
- Tips for avoiding data breaches.
Atkinson uses his broad cybersecurity expertise to direct strategy, operations and policy to protect CIS’s enterprise of information assets. His responsibilities include risk management, communications, applications and infrastructure. Prior to CIS, he served as global information security compliance officer for GLOBALFOUNDRIES. Prior to that, he led the security implementation for the New York state statewide financial system implementation.