Trends like the increased use of cloud computing by businesses and their vendors introduce new complexities in reducing risk and assessing security across the supply chain. Demonstrating continuous risk reduction and compliance with internal policies and external regulations, fixing violations and configuration drift, centrally managing exceptions, and documenting progress are all common challenges.

The Center for Internet Security’s (CIS) Critical Security Controls (CSCs) were selected and prioritized by leading security experts to stop today’s most common and serious cyber threats. By implementing these controls, organizations can improve their security posture and reduce the risk of threats to critical assets, data, and network infrastructure.

In this webcast SANS Senior Analyst John Pescatore and Tim White, Director of Product Management for Qualys Policy Compliance (PC), will discuss how you can achieve continuous security and compliance, and leverage Qualys solutions to address all 20 CSCs.

The presentation will encompass:


  • An overview of the CIS Critical Security Controls, including ongoing updates
  • Success patterns organizations have demonstrated for using the controls to their advantage
  • How an automation can reduce the staffing load to determine whether controls are in place and effective
  • How to prioritize remediation efforts
  • Real-world examples of recent attacks that leveraged misconfigured systems

This webcast will include a demo and Q&A session with the speakers.

Count Me In »


About the Speakers


John Pescatore joined SANS as director of emerging security trends in January 2013 after more than 13 years as lead security analyst for Gartner, 11 years with GTE, and service with both the National Security Agency, where he designed secure voice systems, and the U.S. Secret Service, where he developed secure communications and voice systems "and the occasional ballistic armor installation." John has testified before Congress about cyber security, was named one of the 15 most-influential people in security in 2008 and remains an NSA-certified cryptologic engineer.




Tim White, is Qualys’ director of product management for policy compliance. With more than 20 years of experience in IT GRC, he has worked with a variety of large enterprises across many different verticals while shaping products in the industry. He also has significant experience in broader Information Security, working with products ranging from Firewalls, Network Security, and Host Security.