Season 6 — Episode 3

When Sean Atkinson says that “We’re on a trajectory to have the most vulnerabilities ever identified in a single year, starting this year,” take note: As Chief Information Security Officer for the Center for Internet Security, he knows what he’s talking about.

He’s referring to the ever-increasing tide of weaknesses and flaws that undermine the security of software used every single day by teams around the world. Between a more active threat landscape, demands for development velocity, and the rise of generative AI, the cat in this proverbial game of cat-and-mouse has their work cut out for them.

In this conversation, Robin Tatam, Puppet’s Evangelist and Certified Information Security Manager, talks with Sean about the role of a CISO, what’s behind the unprecedented rise in vulnerabilities, and how smart integrations turn automation into a first-line defense against threats, misconfiguration, errors, and software vulnerabilities.



  • What a CISO actually does versus a CIO or a CTO  
  • The difference between “security” and “compliance”  
  • How compliance helps build the backbone of a long-term security posture  
  • Who really owns IT security and where IT operations fits into the security conversation  
  • What CIS Benchmarks are, what they do, and how CIS “wizards” keep them up-to-date on the latest vulnerabilities
  • How Puppet’s partnership with CIS puts the power of automation behind CIS’s widely recognized frameworks


  • Robin Tatam, Senior Technical Marketer and Evangelist, Puppet by Perforce
  • Sean Atkinson, Chief Information Security Officer, Center for Internet Security


  • Learn more about Security Compliance Enforcement, a premium feature for Open Source Puppet and Puppet Enterprise that automates secure configurations hardened against CIS Benchmarks and DISA STIGs
  • Listen to Sean’s podcast with CIS, “Cybersecurity Where You Are,” wherever you get podcasts


Full episode transcript coming soon.

Need to Save Time & Bridge the Security Skill Gap?

Security Compliance Enforcement for Open Source Puppet and Puppet Enterprise automatically remediates configuration drift and enforces security baselines hardened against CIS Benchmarks and DISA STIGs. It enforces a compliant desired state across your entire infrastructure — including on-prem, cloud, hybrid, Windows, and multiple Linux distros.