Hire or Develop a World-Class CISO

Find a strategic and security-focused champion for your business.

Contributors

  • Mark Lester, Information Security Manager, South Carolina State Ports Authority
  • Kyle Kennedy, CISO, CyberSN.com
  • Elliot Lewis, Vice President Security & Risk, Info-Tech Research Group
  • James Miller, Information Security Director, Xavier University
  • Jeffrey Gardiner, CISO, Western University
  • Candy Alexander, GRC Security Consultant, Towerall Inc.
  • Chad Fulgham, Chairman, PerCredo
  • Brian Bobo, VP Enterprise Security, Schneider National
  • Lisa Davis, CEO, Vicinage
  • Tim Tyndall, Systems Architect, Oregon State
  • Joey LaCour, VP & Chief Security, Colonial Savings
  • Robert Banniza, Senior Director IT Center Security, AMSURG
  • Karla Thomas, Director IT Global Security, Tower Automotive
  • Andrew Maroun, Enterprise Security Lead, State of California
  • Luis Brown, Information Security & Compliance Officer, Central New Mexico Community College
  • Kevin Warner, Security and Compliance Officer, Bridge Healthcare Providers
  • Ian Parker, Head of Corporate Systems Information Security Risk and Compliance, Fujitsu EMEIA
  • Diane Kelly, Information Security Manager, Colorado State Judicial Branch

Your Challenge

  • CEOs/CXOs are looking to hire or develop a senior security leader and aren't sure how to identify the best candidate.
  • Organizations are looking to optimize their security plans, and move from a tactical position to a more strategic one.

Our Advice

Critical Insight

  • The Chief Information Security Officer (CISO) you choose must be empowered to integrate with the business and become an enabler of business processes.
  • To be successful, there are three primary tasks that a world-class CISO must master:

1. Aligning security controls with business requirements

2. Fostering a risk management culture

3. Managing talent and change

Impact and Result

  • Hire the right person for the job who will also address your specific organizational needs.
  • Create a high-altitude view of your CISO’s competencies and your information security process and technology gaps, and use these to form an action plan.
  • Empower your CISO to be a strategic partner to the business and to enable new business processes.

Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should hire or develop a world-class CISO, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

1. Launch

Understand the core competencies required to be a successful world-class CISO and identify which competencies are a priority for the organization.

2. Assess

Evaluate CISO candidates to hire or develop the right CISO for organizational needs, and understand the CISO's stakeholder relationships.

4. Execute & maintain

Implement the plan and schedule time to reassess the progress of the CISO and security program.

Guided Implementations

This guided implementation is an eight-call advisory process.

Guided Implementation #1 - Launch

Call #1 - Review and discuss the CISO core competencies list, and what an effective CISO can do for your organization
Call #2 - Have a dedicated results call to discuss your Security Business Satisfaction and Alignment Diagnostic

Guided Implementation #2 - Assess

Call #1 - Discuss the CISO Core Competency Evaluation Tool, and review organizational needs
Call #2 - Review competency gaps and stakeholder relationships, and set priorities for your organization

Guided Implementation #3 - Plan

Call #1 - Complete and review results from your Security Process and Technology Assessment Tool
Call #2 - Create a plan to remediate competency and security gaps, and improve stakeholder relationships

Guided Implementation #4 - Execute & maintain

Call #1 - Discuss and create your CISO Development Plan, and track your development
Call #2 - Make a plan to revisit this process, and reassess your CISO and security plan in the future

Onsite Workshop

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Assess Core Competencies and Security Process & Technology Maturity

The Purpose

  • Understand the competencies and tasks required of a world-class Chief Information Security Officer (CISO) and which areas should be a priority for your organization.
  • Create a high-altitude view of your security process and technology maturity.

Key Benefits Achieved

  • Identify the competencies that are most important to your organizational needs.
  • Understand current maturity of security processes and technologies, and which areas need remediation.

Activities and Outputs

1.1 CISO Core Competency Evaluation Tool

  • Key competencies for organizational needs
  • Insights for hiring guide

1.2 Security Process and Technology Maturity Assessment Tool

  • List of priorities to upgrade security processes and technologies

1.3 CISO Stakeholder Power Map Template

  • Understanding of CISO’s stakeholder relationships and collaborators

1.4 Security Governance Organizational Structure Template

  • Proposed organizational chart and map of responsibility assignment for security tasks and initiatives

Module 2: Assess CISO Candidates and Develop a Hiring and Development Strategy for Your New CISO

The Purpose

  • Create a plan to hire the new CISO.
  • Establish an action plan for this person to remediate organizational security processes and technologies, as well as personal competencies and relationships.

Key Benefits Achieved

  • Guide for the CEO/CXO to hire the new CISO and assess personal competencies.
  • Plan to remediate the CISO’s personal competency gaps.
  • Plan to cultivate CISO’s key stakeholder relationships.
  • Plan to remediate security process and technology gaps.

Activities and Outputs

2.1 CISO Core Competency Evaluation Tool

  • Interview guide for CISO competency priorities
  • Action plan for CISO to remediate personal competency gaps

2.2 CISO Stakeholder Management Strategy Template

  • Action plan for CISO to improve key stakeholder relationships

2.3 Security Process and Technology Maturity Assessment Tool

  • Action plan for CISO to remediate security process and technology gaps

2.4 CISO Development Plan Template

  • Creation of CISO Development Plan