Joining the podcast this week is Tony Sager, Senior Vice President and Chief Evangelist for the Center of Internet Security and shares insights from his 45+ years on the security front lines, including 34 years at the NSA. Risk was a big theme of the discussion particularly looking at risk through a similar lens as we view other risky domains, such as the great work being done with the Cyber Safety Review Board. (And he shares color on the power of being okay with the risk of being wrong sometimes.) He also shares perspective on moving to incentive-based cyber models (such as what’s been done in Ohio and Connecticut), and the criticality of translating technology, attacks & attackers into public policy and market incentives. And it can’t be a great cyber discussion without addressing the growing sophistication of cyber criminals and their organizations – really becoming the defacto organized crime success path today. Tony Sager, Senior Vice President and Chief Evangelist for the Center for Internet Security Sager is a SVP and Chief Evangelist for CIS. He leads the development of the CIS Critical Security Controls™, a worldwide consensus project to find and support technical best practices in cybersecurity. Sager champions of use of CIS Controls and other solutions gleaned from previous cyber-attacks to improve global cyber defense. He also nurtures CIS’s independent worldwide community of volunteers, encouraging them to make their enterprise, and the connected world, a safer place. In November 2018, he added strategy development and outreach for CIS to his responsibilities. In addition to his duties for CIS, he is an active volunteer in numerous community service activities: the Board of Directors for the Cybercrime Support Network; and a member of the National Academy of Sciences Cyber Resilience Forum; Advisory Boards for several local schools and colleges; and service on numerous national-level study groups and advisory panels. Sager retired from the National Security Agency (NSA) after 34 years as an Information Assurance professional. He started his career there in the Communications Security (COMSEC) Intern Program, and worked as a mathematical cryptographer and a software vulnerability analyst. In 2001, Sager led the release of NSA security guidance to the public. He also expanded the NSA’s role in the development of open standards for security. Sager’s awards and commendations at NSA include the Presidential Rank Award at the Meritorious Level, twice, and the NSA Exceptional Civilian Service Award. The groups he led at NSA were also widely recognized for technical and mission excellence with awards from numerous industry sources, including the SANS Institute, SC Magazine, and Government Executive Magazine. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e273