A recognized cyber security expert, he has held senior positions in both industry and government. He was the founding Executive Director of the Cyber Security Industry Alliance (CSIA), an advocacy group dedicated to ensuring the privacy, reliability, and integrity of information systems through sound public policy, technology, education, and awareness. During his government service, Kurtz was Special Assistant to the President and Senior Director for Critical Infrastructure Protection on the White House’s Homeland Security Council (HSC). He joined HSC from the National Security Council (NSC), where he was both Senior Director for National Security in the Office of Cyberspace Security and a member of the President’s Critical Infrastructure Protection Board. He served as an NSC Director for Counterterrorism from 1999-2001, and helped manage the response to the 9/11 terrorist attacks. Before the NSC he had a long career in the State Department, specializing in non-proliferation policy and strategic arms control. Kurtz earned his bachelor’s degree from Holy Cross College and his master’s in international public policy from the Johns Hopkins University’s School of Advanced International Studies.
Speech Topic & Synopses
The cyber threat is very real, but hype and hyperbole have often led to disparate initiatives and solutions by governments, private industry, and security vendors. What enterprises need today is a uniform and structured way of looking at the big picture, together with the ability to break cyber challenges into discrete, understandable, and solvable problems with measurable solutions. A consortium of more than a hundred US government agencies and non-governmental cyber experts developed the Twenty Critical Security Controls (also known as the Consensus Audit Guidelines) to help provide exactly that capability. By using all the Controls—which have been prioritized by the US National Security Agency—an enterprise can ensure it has addressed all critical aspects of cyber security. Each Control provides insight into its own implementation, and each Control is critical. Some are easy to implement, others more difficult. They function most effectively, however, within a well-conceived risk management framework that enables an enterprise to identify risks and prioritize investments across the Controls. The aim of this talk is to share insights that will help enterprises understand the utility of the framework provided by the Twenty Critical Security Controls, as well as strategies to make them relevant to enterprises large and small.