Tony Sager

Sager earned a bachelor's degree in mathematics from Western Maryland College (now McDaniel College) and later received a master's degree in computer science from Johns Hopkins University.{{cite web |title=Tony Sager |url=https://www.sans.org/profiles/tony-sager/ |website=SANS Institute |access-date=June 15, 2025 |archive-url=https://web.archive.org/web/20221026132712/https://www.sans.org/profiles/tony-sager/ |archive-date=October 26, 2022 |url-status=live}}

Tony Sager’s career in cybersecurity spans more than four decades, beginning with his work at the National Security Agency and continuing through his leadership at the nonprofit Center for Internet Security.

Sager joined the NSA in the late 1970s through its COMSEC Intern Program. During his tenure, he held positions as a mathematical cryptographer, software vulnerability analyst, and head of the System and Network Attack Center. He later led the Vulnerability Analysis and Operations Group. In 2001, he initiated efforts to publish public security guidance and promote open standards.

Following his retirement from the NSA, Sager transitioned to public-interest work by joining the Center for Internet Security (CIS). At CIS, he played a central role in developing the CIS Critical Security Controls—a framework used worldwide to help organizations implement prioritized cybersecurity practices.{{cite web |title=The CIS Critical Security Controls |url=https://www.cisecurity.org/controls |website=Center for Internet Security |access-date=June 14, 2025}} In his current role, he leads outreach, collaboration efforts, and public policy initiatives to strengthen cyber resilience.

In parallel with his work at CIS, Sager has frequently partnered with fellow cybersecurity leaders, including Ron Ross of the National Institute of Standards and Technology (NIST). Their public appearances and joint commentary have emphasized the alignment between CIS Controls and NIST frameworks, such as the CSF and SP 800-53.{{cite web |title=CDM Program Prepping Data Protection Push at Select Agencies |url=https://www.thecre.com/cm/?p=4253 |website=The CRE |access-date=June 15, 2025}}

Sager’s contributions have extended beyond technical work into public service. In February 2022, he was appointed to the inaugural Cyber Safety Review Board by the DHS and Cybersecurity and Infrastructure Security Agency (CISA).{{cite web |title=DHS Launches First-Ever Cyber Safety Review Board |url=https://www.dhs.gov/archive/news/2022/02/03/dhs-launches-first-ever-cyber-safety-review-board |website=DHS |access-date=June 14, 2025}} He also serves on several advisory panels and nonprofit boards related to cybersecurity education and public safety.

Sager’s cybersecurity leadership has also included direct engagement with U.S. lawmakers. In 2009 Senate testimony, he described an NSA red team exercise that exposed vulnerabilities in U.S. Air Force systems. The NSA’s resulting guidance, deployed across 500,000 systems, led to measurable improvements—reducing patch times from 57 days to 72 hours, cutting costs by over $100 million annually, and lowering help desk demand. He emphasized that these outcomes were due not only to technical measures, but also to strategic procurement policies, including collaboration with Microsoft.{{cite web |url=https://www.congress.gov/111/chrg/CHRG-111shrg51019/CHRG-111shrg51019.pdf |title=Cyber Security: Hearing Before the Committee on Homeland Security and Governmental Affairs, 111th Cong. (2009) |publisher=U.S. Senate Committee on Homeland Security and Governmental Affairs |format=PDF |page=15–16 |access-date=June 15, 2025}}

• Inducted into the Global Cyber Security Hall of Fame in 2023.{{cite web |title=The Center for Internet Security’s Tony Sager to be Inducted into the Global Cyber Security Hall of Fame |url=https://www.cisecurity.org/about-us/media/press-release/the-center-for-internet-securitys-tony-sager-to-be-inducted-into-the-global-cyber-security-hall-of-fame |website=Center for Internet Security |date=October 16, 2023 |access-date=June 15, 2025}}
• Recipient of the SANS Difference Makers Lifetime Achievement Award in 2024.{{cite web |title=SANS Difference Makers Awards |url=https://www.sans.org/about/awards/difference-makers/ |website=SANS Institute |access-date=June 15, 2025 |archive-url=https://web.archive.org/web/20250201000000/https://www.sans.org/about/awards/difference-makers/ |archive-date=February 1, 2025 |url-status=live}}
• Awarded the Presidential Rank Award (Meritorious Level) twice during his NSA career.
• Received the NSA Exceptional Civilian Service Award.
• His NSA teams were recognized by SC Magazine, SANS, and Government Executive magazine.

• "Vulnerability Analysis and Operations (VAO): A National Security Agency Perspective" (July 2009). NSA Information Assurance Symposium presentation. {{cite web |title=Vulnerability Analysis and Operations |url=https://csrc.nist.gov/CSRC/media/events/ispab-july-2009-meeting/documents/ispab_july09-sager_vulnerability-analysis-operation.pdf |website=NIST |access-date=June 15, 2025}}
• "Cybersecurity at Scale: Piercing the Fog of More", Center for Internet Security blog (2023). {{cite web |title=Cybersecurity at Scale: Piercing the Fog of More |url=https://www.cisecurity.org/insights/blog/cyber-at-scale-piercing-the-fog-of-more |website=Center for Internet Security |access-date=June 15, 2025}}
• Contributor to "CIS Community Defense Model 2.0", CIS white paper (2021). {{cite web |title=CIS Community Defense Model 2.0 |url=https://www.cisecurity.org/insights/white-papers/cis-community-defense-model-2-0 |website=Center for Internet Security |access-date=June 15, 2025}}
• "I Tell Our Story", LinkedIn article by Tony Sager (November 2020). {{cite web |title=I Tell Our Story |url=https://www.linkedin.com/pulse/i-tell-our-story-tony-sager |website=LinkedIn |access-date=June 15, 2025}}
• "My Summer of Information Superiority", LinkedIn article by Tony Sager (October 2020). {{cite web |title=My Summer of Information Superiority |url=https://www.linkedin.com/pulse/my-summer-information-superiority-tony-sager |website=LinkedIn |access-date=June 15, 2025}}

• Featured speaker at Center for Internet Security and SANS Institute conferences.
• Interviewed by Cybercrime Magazine on the Community Defense Model.{{cite web |title=Podcast: Tony Sager Discusses The Community Defense Model |url=https://www.cimcor.com/blog/community-defense-model |website=Cimcor/Cybercrime Magazine |access-date=June 14, 2025}}
• Appeared on CyberSecurity TV panel: "Making Policy Compliance Work for You."{{cite web |title=Making Policy Compliance Work for You – CIS Benchmarks & DISA |url=https://www.youtube.com/watch?v=3aE5JjKUVIs |website=CyberSecurity TV |access-date=June 14, 2025}}
• Guest on Forcepoint podcast: “Demystifying Security’s Wizards.”{{cite web |title=Replay: Demystifying Security’s Wizards – Tony Sager |url=https://www.forcepoint.com/resources/podcast/replay-demystifying-security-wizards-tony-sager |website=Forcepoint |access-date=June 15, 2025}}
• Featured on SC Media’s “CISO Stories” podcast.{{cite web |title=Listen: Former NSA analyst Tony Sager tackled ‘fog of more’ |url=https://www.scworld.com/news/listen-former-nsa-analyst-tony-sager-tackled-fog-of-more |website=SC Media |date=July 1, 2021 |access-date=June 15, 2025}}
• Keynote speaker at SANS Security East 2025.{{cite web |title=Cybersecurity Pioneer Tony Sager to Keynote SANS Security East 2025 |url=https://www.globenewswire.com/news-release/2025/02/18/3028066/0/en/Cybersecurity-Pioneer-Tony-Sager-to-Keynote-SANS-Security-East-2025-Featuring-Expanded-Training-and-Networking-Opportunities.html |website=GlobeNewswire |date=February 18, 2025 |access-date=June 15, 2025}}
• Quoted in The Washington Post on NSA disclosure and surveillance policy.{{cite news |last=Zakrzewski |first=Cat |title=The Cybersecurity 202: Here's why NSA rushed to expose a dangerous computer bug |url=https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2020/02/06/the-cybersecurity-202-here-s-why-nsa-rushed-to-expose-a-dangerous-computer-bug/5e3b0f41602ff15f8279a52e/ |work=The Washington Post |date=February 6, 2020 |access-date=June 15, 2025}}{{cite news |last=Rucker |first=Phillip |title=NSA shouldn’t keep phone database, review board recommends |url=https://www.washingtonpost.com/world/national-security/nsa-shouldnt-keep-phone-database-review-board-recommends/2013/12/18/f44fe7c0-67fd-11e3-a0b9-249bbb34602c_story.html |work=The Washington Post |date=December 18, 2013 |access-date=June 15, 2025}}
• Featured on Bloomberg Television's *The American Dream* (March 2025).{{cite web |title=The Center for Internet Security to be Featured on Bloomberg Television’s “The American Dream” |url=https://fox5sandiego.com/business/press-releases/ein-presswire/796707375/the-center-for-internet-security-to-be-featured-on-bloomberg-televisions-the-american-dream/ |website=Fox5 San Diego |date=March 24, 2025 |access-date=June 15, 2025}}{{cite web |title=The Center for Internet Security to be Featured on Bloomberg Television’s “The American Dream” |url=https://www.cbs42.com/business/press-releases/ein-presswire/796707375/the-center-for-internet-security-to-be-featured-on-bloomberg-televisions-the-american-dream/ |website=CBS42 |date=March 24, 2025 |access-date=June 15, 2025}}

Sager’s work influenced public and private risk management and systems security practices. His involvement in CIS Controls contributed to their global adoption as a cybersecurity standard. His ongoing advisory roles underscore his influence on U.S. cybersecurity policy and practice.

• Center for Internet Security
• Cyber Safety Review Board

{{Authority control}}

{{DEFAULTSORT:Sager, Tony}}

Category:Living people

Category:American computer scientists

Category:Johns Hopkins University alumni

Category:McDaniel College alumni

Category:United States Department of Homeland Security officials

Category:Year of birth missing (living people)

Category:American technology writers