NSA Director to Head Up CIS Controls Group

Curt Dukes, former director of information assurance at the National Security Agency (NSA), has been named the Center for Internet Security (CIS) executive vice president.

Dukes will be responsible for managing the Security Best Practices Automation Group, which includes the CIS Security Benchmarks, the CIS Controls and the tools to automate the evaluation of the standards.

“Curt Dukes’ three decades of senior executive leadership and his unparalleled track record of pioneering and managing complex cybersecurity products and services make him an ideal leader for the Security Best Practices Automation Group,” said John Gilligan, CIS board chair and interim CEO. “His addition will accelerate our efforts to provide our nation with effective solutions to address rapidly growing cybersecurity challenges.”

Dukes also will focus on the expansion of the content of CIS standards and increased adoption of CIS security best practices and standards. He will also lead the development and delivery of effective tools for scoring the implementation of CIS Benchmark and Controls standards and for automating the implementation of security best practices. 

The CIS Controls are a concise, prioritized set of practices that outline what every organization should do as their first steps in cybersecurity. They have been proven to mitigate 85% of the most common vulnerabilities.

One of the benefits of the CIS Controls is they are developed by experts based on their first-hand experience in the security field and are derived from actual threat data from a variety of public and private sources. In addition to being prioritized and relevant, the CIS Controls are updated regularly to stay in step with cybersecurity’s ever-changing threat environment.

“The cybersecurity industry is about innovation, and CIS is already a well-positioned leader in transforming security technology for today’s increasingly connected businesses,” said Dukes. “I am excited to join CIS as executive vice president and look forward to helping the Security Best Practices Automation Group continue its impressive track record of innovation and growth,” he added.

Dukes has served as the director of information assurance at the National Security Agency in Fort Meade, Md., since 2013. His responsibilities included the security of systems that handle classified information or are otherwise critical to the US military or intelligence activities. 

From 2007 to 2013, Dukes was director of the NSA/Central Security Service (CSS) Commercial Solutions Center, where he was responsible for leading the agency’s portal to the commercial world. His responsibilities included leveraging industrial relationships, while partnering with international and national intelligence communities, and the Department of Defense, to address the strategic needs of the NSA/CSS and the National Security community.

From 2004 to 2007, Dukes was NSA’s chief at the Systems and Networks Analysis Center, where he led a technical workforce providing technology risk assessments, cyber-defense operations and advanced vulnerability research.

Dukes earned an MS in Computer Science from Johns Hopkins University after completing a BS in Computer Science at the University of Florida.

Photo © Balefire 

What’s Hot on Infosecurity Magazine?