Entries by Kes Jecius

How to Identify Your Boundary Defense Needs

By Kes Jecius, RedSeal Senior Consulting Engineer

The Center for Internet Security’s (CIS) twelfth control for implementing a cybersecurity program is for your organization to control the flow of information transferring between networks of different trust levels. The first sub-control states that an organization should maintain an inventory of all network boundaries. So, the first […]

CIS Benchmarks Bring Network and Security Teams Together

By Kes Jecius, RedSeal Senior Consulting Engineer

The Center for Internet Security’s (CIS) eleventh control for implementing a cybersecurity program is for your organization to actively track, report on, and correct the security configurations for network devices. This involves the use of a configuration management system and robust change control processes. What has been missing […]

Understanding and Managing Your Attack Surface

By Kes Jecius, RedSeal Senior Consulting Engineer

The Center for Internet Security’s (CIS) ninth control for implementing a cybersecurity program is for your organization to manage the ports, protocols, and services on a networked device that are exposed and vulnerable to exploitation. The intent of the control is for your organization to understand and manage […]

The Network Dimension in Vulnerability Management

By Kes Jecius, RedSeal Senior Consulting Engineer

The Center for Internet Security’s (CIS) third control for implementing a cybersecurity program is to practice continuous vulnerability management. Organizations that identify and remediate vulnerabilities on an on-going basis will significantly reduce the window of opportunity for attackers. This third control assumes you’ve implemented the first two CIS […]

Visibility of IT Assets for Your Cybersecurity Program

By Kes Jecius, RedSeal Senior Consulting Engineer

The Center for Internet Security’s (CIS) first control for implementing a cybersecurity program is to understand and manage the hardware assets that make up your IT infrastructure. These hardware assets consist of network devices, servers, workstations, and other computing platforms. This is a difficult goal to achieve, further […]

Using the CIS Top 20 Controls to Implement Your Cybersecurity Program

By Kes Jecius, Senior Consulting Engineer

I have the privilege of working with security groups at many different enterprise companies. Each of them is being bombarded by many different vendors who offer security solutions. No surprise, the common estimate is that there are approximately 2,000 vendors offering different products and services to these companies.

Each […]