Working on a vendor security research team means spending a lot of time reading documents released by various standards bodies. These standards are useful guides to securing the environment, but they often become the driving force behind “checkbox security.” This happens, in part, because these documents are looked down upon as boring and pointless.
This talk aims to change that view by building on Johan Cruyff’s famous quote, “Quality without results is pointless. Results without quality is boring.” If you find it boring and pointless, you’re doing it wrong, so let’s take a look at the big picture and see just how critical the CIS Controls are in your environment. After all, how could something so critical be boring and pointless?