John Pescatore: Critical Security Controls boost operational security

John Pescatore: Critical Security Controls boost operational security

Date: Jun 03, 2014

Information security controls may not seem exciting, but they represent perhaps the most underrated set of tactics that enterprise information security practitioners have at their disposal to prevent worst-case scenarios.

After more than a decade as one of the top information security analysts at Gartner Inc., John Pescatore decided that advancing the evolution of enterprise security controls -- specifically the SANS Institute's 20 Critical Security Controls -- was a cause important enough for him to embark on a new career path.

"If you think about what are the most important things we can do, no matter what compliance regime is looking at us, the 20 controls is just a great effort," said Pescatore, now director of emerging security trends for the Bethesda, Maryland-based SANS Institute. "The most important things we do in security to stop bad things from happening are making up for deficiencies in the way IT owns and manages PCs and servers."

In this interview, conducted at the 2014 SANS Boston Leadership Summit, Pescatore discusses the importance of security controls to the operational side of information security.

He also discusses key takeaways from the 2014 SANS security salary survey, and the institute's work in collaboration with the U.S. Department of Veterans Affairs' VetSuccess program to provide training and mentorship to former members of the U.S. military looking for jobs in private sector information security.

Finally Pescatore discusses the "secrets" of Gartner and how an enterprise can make the most of working with a third-party research and consulting firm on information security.

More on Information Security Policies, Procedures and Guidelines

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: