In Episode 165 of Cybersecurity Where You Are, Tony Sager sits down with Valecia Stocchetti, Senior Cybersecurity Engineer at the Center for Internet Security® (CIS®), and Charity Otwell, Director of Critical Security Controls at CIS. Together, they take an in-depth look at implementing the CIS Critical Security Controls® (CIS Controls®), including what you need to know to begin your own CIS Controls implementation efforts.Here are some highlights from our episode:00:53. Introductions to Valecia and Charity02:48. How the CIS Controls ecosystem answers the deeper question of how to implement06:42. The importance of clear strategy, business priorities, and a realistic timeline09:56. How the CIS Community Defense Model (CDM) clarifies cyber defense priorities13:01. The use of calculations around costing to make a security program achievable15:31. Bringing IT and the Board of Directors together through governance20:36. "Herding cats" as a metaphor for navigating different compliance frameworks23:17. Why one prescriptive ask per CIS Safeguard starts cybersecurity workflows25:30. "Why" vs. "how" communication, accountability, staffing, budget, and continuous improvement as keys to success for CIS Controls implementation42:03. CIS Controls Assessment Specification as an answer to implementation subjectivity47:21. Parting thoughts around team effort, change, and CIS Controls AccreditationResourcesCloud Companion Guide for CIS Controls v8.1CIS Community Defense Model 2.0The Cost of Cyber Defense CIS Controls IG1Episode 132: Day One, Step One, Dollar One for CybersecurityPolicy TemplatesEpisode 107: Continuous Improvement via Secure by DesignReasonable Cybersecurity GuideCIS Controls ResourcesCIS Controls Assessment SpecificationEpisode 156: How CIS Uses CIS Products and ServicesCIS Controls AccreditationControls AccreditationEpisode 102: The Sporty Rigor of CIS Controls AccreditationIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].