Successful attacks almost always exploit conditions that could fairly be described as poor cyber hygiene, including failure to patch known vulnerabilities, poor configuration management, and poor management of administrative privileges. In this session, we'll dive a little deeper into this topic. We'll discuss the importance of cyber hygiene as a root cause of attacks and as a defense strategy. We'll look at various attempts to define a specific set of practices that should be included and how that might help provide a basis for action. And if hygiene isn't enough, what is? Finally, we'll look at what could be done to transform cyber hygiene from a concept or general request to improve (encouragement) to a large-scale improvement program.

Biographies of the speakers
Russell Eubanks
From factory worker to owner of Security Ever After and consultant for Enclave Security, Russell Eubanks' career path has been anything but traditional. While working in a factory years ago, Russell realized he wanted more and began looking for opportunities. He learned about his company's tuition reimbursement program and immediately enrolled in computer classes at the local community college. He worked at the factory until the early hours of the morning and attended classes during the day.

Russell is a certified instructor for SANS and teaches MGT415: A Practical Introduction to Cybersecurity Risk Management; MGT514: Strategic Security Planning, Policy, Leadership; and SEC566: Implementing and Testing Critical Security Controls – In-Depth and MGT 521: Driving Cybersecurity Change – Establishing a Culture of Protect, Detect, and Respond.

Randy Marchany
Randy is Virginia Tech's Chief Information Security Officer and Director of the Virginia Tech IT Security Lab. He is co-author of the original SANS Top 10 Internet Threats, the SANS Top 20 Internet Threats, the SANS Consensus Roadmap for Defeating DDoS Attacks, and the SANS Incident Response: Step-by-Step Guides. He is a member of the Center for Internet Security development team that created and tested the CIS Solaris, HPUX, AIX, Linux, and Windows2000/XP security benchmarks and assessment tools. He was a member of the White House Partnership for Critical Infrastructure Security working group that developed a Consensus Roadmap for responding to the DDOS attacks of 2000.

Tony Sager
Tony Sager is Senior VP of the Center for Internet Security. He led the development of CIS Controls, a collaborative effort to identify and support best practices in cybersecurity. His "volunteer army" identifies practices that will stop the vast majority of today's attacks, and he leads projects that share, scale, and sustain those practices for global adoption.

Tony retired in 2012 after 34 years as a mathematician, software vulnerability analyst, and senior manager at the National Security Agency. Tony oversaw all of the NSA's Red and Blue teams, as well as all security product evaluation teams. He helped lead the agency's top talent development programs and founded the Vulnerability Analysis and Operations Group (NSA's primary defense technical organization).

Please take the opportunity to connect with your friends and family and share this video with them if you find it useful.