Hire or Develop a World-Class CISO

Find a strategic and security-focused champion for your business.

  • CEOs/CXOs are looking to hire or develop a senior security leader and aren't sure how to identify the best candidate.
  • Organizations are looking to optimize their security plans, and move from a tactical position to a more strategic one.

Our Advice

Critical Insight

  • The Chief Information Security Officer (CISO) you choose must be empowered to integrate with the business and become an enabler of business processes.
  • To be successful, there are three primary tasks that a world-class CISO must master:

1. Aligning security controls with business requirements

2. Fostering a risk management culture

3. Managing talent and change

Impact and Result

  • Hire the right person for the job who will also address your specific organizational needs.
  • Create a high-altitude view of your CISO’s competencies and your information security process and technology gaps, and use these to form an action plan.
  • Empower your CISO to be a strategic partner to the business and to enable new business processes.

Hire or Develop a World-Class CISO Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should hire or develop a world-class CISO, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

1. Launch

Understand the core competencies required to be a successful world-class CISO and identify which competencies are a priority for the organization.

2. Assess

Evaluate CISO candidates to hire or develop the right CISO for organizational needs, and understand the CISO's stakeholder relationships.

4. Execute & maintain

Implement the plan and schedule time to reassess the progress of the CISO and security program.

Workshop: Hire or Develop a World-Class CISO

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Assess Core Competencies and Security Process & Technology Maturity

The Purpose

  • Understand the competencies and tasks required of a world-class Chief Information Security Officer (CISO) and which areas should be a priority for your organization.
  • Create a high-altitude view of your security process and technology maturity.

Key Benefits Achieved

  • Identify the competencies that are most important to your organizational needs.
  • Understand current maturity of security processes and technologies, and which areas need remediation.




CISO Core Competency Evaluation Tool

  • Key competencies for organizational needs
  • Insights for hiring guide

Security Process and Technology Maturity Assessment Tool

  • List of priorities to upgrade security processes and technologies

CISO Stakeholder Power Map Template

  • Understanding of CISO’s stakeholder relationships and collaborators

Security Governance Organizational Structure Template

  • Proposed organizational chart and map of responsibility assignment for security tasks and initiatives

Module 2: Assess CISO Candidates and Develop a Hiring and Development Strategy for Your New CISO

The Purpose

  • Create a plan to hire the new CISO.
  • Establish an action plan for this person to remediate organizational security processes and technologies, as well as personal competencies and relationships.

Key Benefits Achieved

  • Guide for the CEO/CXO to hire the new CISO and assess personal competencies.
  • Plan to remediate the CISO’s personal competency gaps.
  • Plan to cultivate CISO’s key stakeholder relationships.
  • Plan to remediate security process and technology gaps.




CISO Core Competency Evaluation Tool

  • Interview guide for CISO competency priorities
  • Action plan for CISO to remediate personal competency gaps

CISO Stakeholder Management Strategy Template

  • Action plan for CISO to improve key stakeholder relationships

Security Process and Technology Maturity Assessment Tool

  • Action plan for CISO to remediate security process and technology gaps

CISO Development Plan Template

  • Creation of CISO Development Plan

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Need Extra Help?
Speak With An Analyst

Get the help you need in this 4-phase advisory process. You'll receive 8 touchpoints with our researchers, all included in your membership.

Guided Implementation #1 - Launch
  • Call #1 - Review and discuss the CISO core competencies list, and what an effective CISO can do for your organization
  • Call #2 - Have a dedicated results call to discuss your Security Business Satisfaction and Alignment Diagnostic

Guided Implementation #2 - Assess
  • Call #1 - Discuss the CISO Core Competency Evaluation Tool, and review organizational needs
  • Call #2 - Review competency gaps and stakeholder relationships, and set priorities for your organization

Guided Implementation #3 - Plan
  • Call #1 - Complete and review results from your Security Process and Technology Assessment Tool
  • Call #2 - Create a plan to remediate competency and security gaps, and improve stakeholder relationships

Guided Implementation #4 - Execute & maintain
  • Call #1 - Discuss and create your CISO Development Plan, and track your development
  • Call #2 - Make a plan to revisit this process, and reassess your CISO and security plan in the future


Cameron Smith

Jessica Ireland

Chris Chiancone


  • Mark Lester, Information Security Manager, South Carolina State Ports Authority
  • Kyle Kennedy, CISO,
  • Elliot Lewis, Vice President Security & Risk, Info-Tech Research Group
  • James Miller, Information Security Director, Xavier University
  • Jeffrey Gardiner, CISO, Western University
  • Candy Alexander, GRC Security Consultant, Towerall Inc.
  • Chad Fulgham, Chairman, PerCredo
  • Brian Bobo, VP Enterprise Security, Schneider National
  • Lisa Davis, CEO, Vicinage
  • Tim Tyndall, Systems Architect, Oregon State
  • Joey LaCour, VP & Chief Security, Colonial Savings
  • Robert Banniza, Senior Director IT Center Security, AMSURG
  • Karla Thomas, Director IT Global Security, Tower Automotive
  • Andrew Maroun, Enterprise Security Lead, State of California
  • Luis Brown, Information Security & Compliance Officer, Central New Mexico Community College
  • Kevin Warner, Security and Compliance Officer, Bridge Healthcare Providers
  • Ian Parker, Head of Corporate Systems Information Security Risk and Compliance, Fujitsu EMEIA
  • Diane Kelly, Information Security Manager, Colorado State Judicial Branch