CIS Names Board Chairman

John Gilligan brings extensive operational security experience in both public and private sectors

December 16, 2009



Washington, DC - December 16, 2009 - The Center for Internet Security (CIS) today announced that John Gilligan has been elected chairman of the board effective November 3, 2009. Mr. Gilligan is president of the Gilligan Group and a recognized industry expert who brings extensive operational security experience in both public and private sectors to CIS, including federal government positions as Chief Information Officer with the Air Force and the Department of Energy. Among his many industry contributions, Mr. Gilligan has served as a member of the Center for Strategic and International Studies Commission on Cyber Security for the 44th Presidency and has received numerous leadership awards.

Mr. Gilligan succeeds former chairperson Franklin Reeder, president of The Reeder Group and CIS co-founder, who has led the organization since its inception and who will remain on the board. Newly elected to the CIS board are Karen Evans, partner at KE&T Partners and widely acknowledged for her work as the federal government's de facto Chief Information Officer, and Phil Venables, managing director and Chief Information Security Officer for Goldman Sachs.

Today's announcement signifies a transition in board governance that will foster continued public-private collaboration and is reflective of the diverse CIS membership spanning corporate, academic and government sectors.

The call for collaboration between industry and federal government is becoming increasingly vital in order to heighten the security and privacy of Internet-connected systems across all industry sectors and the nation's critical infrastructure. The Center for Internet Security, now entering its tenth year, distributes benchmarks that are globally accepted as the de facto standard for the secure configuration of information technology systems - and is emerging as a premier model for public-private collaboration by fostering consensus between government, education and industry.

"We founded CIS because we were concerned about the state of cyber security in our highly inter-connected community where threats spread rapidly. We knew the answer was not about creating another institution - it was about creating a collaborative mindset," said Frank Reeder, co-founder of CIS. "The initial focus for CIS was filling the void for consensus-based security configuration standards to answer two questions: how do I secure my systems and how much is enough security? Software products are often shipped in unsafe mode, but smart users know how to tighten up configurations to reduce exposure. CIS works to discover, synthesize and disseminate this knowledge - as well as augment it with tools to measure and conform to best practices. As a result of CIS standards adoption and market pressure, we are now seeing vendors ship safer products as well as overall safer practices by user organizations."

Added Reeder, "It's been a privilege to lead CIS for nine years and see this important initiative come to life, especially with the need for public-private collaboration more pressing than ever. As CIS approaches its second decade, John brings the necessary combination of passion, experience and community dedication to deliver on and extend this CIS mission."

Other CIS board members include: Alan Paller, co-founder of CIS and research director of the SANS Institute; Ramon Barquin, president of Barquin International; Bruce Molten, vice president of information technology and information security officer for National Grand Bank; Jack Arthur, partner at OCTO Consulting Group and former CIO of the US Forest Service; Clint Kreitner, founding CEO of CIS; and Bert Miuccio, president and CEO of CIS.

"I have been involved in CIS since its inception because of its highly unique collaborative business model. I have witnessed the process in action and CIS is considered the 'gold' standard for reducing vulnerabilities, configuring systems and evaluating software purchases," said Mr. Gilligan.

"The CIS collaborative process results in products that are an order of magnitude better in scope and quality - with only a fraction of the funding of other standards groups. The operating model of CIS fosters effective interaction between government and industry, an essential element of our national cyber security strategy. I look forward to leading CIS and continuing this philosophy," added Gilligan.

CIS Community Develops 50th Consensus Benchmark and Other Milestones

CIS also announced today that it now has delivered more than 50 consensus security configuration benchmarks for operating systems and software applications as well as network, mobile and print devices. Other milestones include:

1,500 Subject Matter Experts (SMEs) have participated in benchmark development

Over 160 organizations are CIS Members

CIS benchmarks cited in some of the most demanding regulations and industry standards for their prescriptive guidance, including Payment Card Industry Data Security Standard (PCI DSS) and FISMA

Tens of thousands of users go to the CIS website every year to download benchmarks and other resources; CIS certified software security vendors ship their products with CIS benchmarks to thousands of other organizations worldwide; and CIS licensed consulting members use CIS benchmarks and scoring tools with their clients as well

"Moving forward, CIS will foster collaboration in the areas of greatest security need, including software application security configuration standards for specific market segments that represent the core pillars of the nation's critical infrastructure - from energy and transportation to banking and healthcare. At the same time, CIS remains committed to maintaining existing benchmarks, advancing development and adoption of consensus security metrics, and continually enhancing the consensus process through automation," said Bert Miuccio, CEO for CIS.

About CIS

The Center for Internet Security (CIS) is a non-profit organization that helps enterprises reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls, and provides enterprises with resources for measuring information security status and making rational security investment decisions. CIS develops and distributes consensus based benchmarks for secure configuration of operating systems, software applications and network devices. The consensus security configuration benchmarks are downloaded more than one million times a year, and are globally accepted as user-originated, de facto standards. More than 150 leading corporations, government entities, universities and security organizations are CIS members. For more information, visit
