Tony Sager is a Senior VP and Chief Evangelist for the Center for Internet Security. He leads the development of the CIS Critical Security Controls, a worldwide consensus project to find and support technical best practices in cybersecurity. Tony also serves as the Director of the SANS Innovation Center, a subsidiary of The SANS Institute.
Tony retired from the National Security Agency (NSA) after 34 years as an Information Assurance professional. He started his career in the Communications Security (COMSEC) Intern Program, and worked as a mathematical cryptographer and a software vulnerability analyst. In 2001, Tony led the release of NSA security guidance to the public. He also expanded NSA’s role in the development of open standards for security.
Mr. Sager holds a B.A. in Mathematics from Western Maryland College and an M.S. in Computer Science from The Johns Hopkins University.
“Making Best Practice Common Practice” – the slogan for the Center for Internet Security came from an observation. The vast majority of cyber problems that plague us today could have been prevented by actions, technologies and policies that are already known or currently exist in the marketplace. The challenge is that you can’t find those “best practices” on your own to learn from them. Or even more likely, you are overwhelmed by the “Fog of More” - competing expert opinions, vendor claims, and regulatory or compliance requirements.
Cyber security has rapidly shifted from a government-driven focus on national security to a fundamental social issue of risk and economics that touches every one of us, in every aspect of our lives. Therefore many of us are struggling with basic questions: what should I do; how much is good enough; and how do I demonstrate to others that I have behaved responsibly in cyberspace?
Through the lens of a 35-year career at the National Security Agency, and now with the non-profit Center for Internet Security, Tony will share his observations about: the threats that we all face; the ways that we can identify, share, and sustain best practices to manage risk; the role that these practices will play in fields like insurance, law, and auditing; and the new models of open, collaborative action that will be required