Episode 168: Institutionalizing Good Cybersecurity Ideas
Dec 31, 2025•38 min•Ep. 168
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more
Episode description
In Episode 168 of Cybersecurity Where You Are, Tony Sager sits down with Tony Rutkowski, one of the CIS Critical Security Controls® (CIS Controls®) Ambassadors of the Center for Internet Security® (CIS®). Together, they discuss what Tony Rutkowski has learned in his efforts to institutionalize good cybersecurity ideas like the CIS Controls.
Here are some highlights from our episode:
- 01:48. Introductions to Tony Rutkowski and his career in technology
- 06:06. The evolution of the CIS Controls and how Tony Rutkowski came to advocate for them
- 12:50. The "Fog of More" as a metaphor to focus attention, not create new solutions
- 17:50. How institutionalizing good cybersecurity ideas is like conducting an orchestra
- 21:44. The use of timing and the right security content to help people clarify their intentions
- 24:25. The value of industry mappings in reducing duplicate implementation efforts
- 26:41. Secure by design: a 2025 example of creating a new formal global technical standard
Resources
- Episode 160: Championing SME Security with the CIS Controls
- Episode 167: Volunteers as a Critical Cybersecurity Resource
- Reasonable Cybersecurity Guide
- Cybersecurity at Scale: Piercing the Fog of More
- Mapping and Compliance with the CIS Controls
- Secure by Design: A Guide to Assessing Software Security Practices
- Episode 164: Secure by Design in Software Development
- CIS Critical Security Controls Implementation Groups
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.
For the best experience, listen in Metacast app for iOS or Android