Hire or Develop a World-Class CISO
Find a strategic and security-focused champion for your business.
- CEOs/CXOs are looking to hire or develop a senior security leader and aren't sure how to identify the best candidate.
- Organizations are looking to optimize their security plans, and move from a tactical position to a more strategic one.
- The Chief Information Security Officer (CISO) you choose must be empowered to integrate with the business and become an enabler of business processes.
- To be successful, there are three primary tasks that a world-class CISO must master:
1. Aligning security controls with business requirements
2. Fostering a risk management culture
3. Managing talent and change
Impact and Result
- Hire the right person for the job who will also address your specific organizational needs.
- Create a high-altitude view of your CISO’s competencies and your information security process and technology gaps, and use these to form an action plan.
- Empower your CISO to be a strategic partner to the business and to enable new business processes.
- Mark Lester, Information Security Manager, South Carolina State Ports Authority
- Kyle Kennedy, CISO, CyberSN.com
- Elliot Lewis, Vice President Security & Risk, Info-Tech Research Group
- James Miller, Information Security Director, Xavier University
- Jeffrey Gardiner, CISO, Western University
- Candy Alexander, GRC Security Consultant, Towerall Inc.
- Chad Fulgham, Chairman, PerCredo
- Brian Bobo, VP Enterprise Security, Schneider National
- Lisa Davis, CEO, Vicinage
- Tim Tyndall, Systems Architect, Oregon State
- Joey LaCour, VP & Chief Security, Colonial Savings
- Robert Banniza, Senior Director IT Center Security, AMSURG
- Karla Thomas, Director IT Global Security, Tower Automotive
- Andrew Maroun, Enterprise Security Lead, State of California
- Luis Brown, Information Security & Compliance Officer, Central New Mexico Community College
- Kevin Warner, Security and Compliance Officer, Bridge Healthcare Providers
- Ian Parker, Head of Corporate Systems Information Security Risk and Compliance, Fujitsu EMEIA
- Diane Kelly, Information Security Manager, Colorado State Judicial Branch
Get the Complete Storyboard
See how all the steps you need to take come together, with tools and advice to help with each task on your list.Download Now
Get to Action
Start here – read the Executive Brief
Read our concise Executive Brief to find out why you should hire or develop a world-class CISO, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.
Understand the core competencies required to be a successful world-class CISO and identify which competencies are a priority for the organization.
Evaluate CISO candidates to hire or develop the right CISO for organizational needs, and understand the CISO's stakeholder relationships.
Evaluate the new CISO's security program and create a plan to close any security and competency gaps.
Execute & maintain
Implement the plan and schedule time to reassess the progress of the CISO and security program.
Module 1: Assess Core Competencies and Security Process & Technology Maturity
- Understand the competencies and tasks required of a world-class Chief Information Security Officer (CISO) and which areas should be a priority for your organization.
- Create a high-altitude view of your security process and technology maturity.
Key Benefits Achieved
- Identify the competencies that are most important to your organizational needs.
- Understand current maturity of security processes and technologies, and which areas need remediation.
|1.1||CISO Core Competency Evaluation Tool||
|1.2||Security Process and Technology Maturity Assessment Tool||
|1.3||CISO Stakeholder Power Map Template||
|1.4||Security Governance Organizational Structure Template||
Module 2: Assess CISO Candidates and Develop a Hiring and Development Strategy for Your New CISO
- Create a plan to hire the new CISO.
- Establish an action plan for this person to remediate organizational security processes and technologies, as well as personal competencies and relationships.
Key Benefits Achieved
- Guide for the CEO/CXO to hire the new CISO and assess personal competencies.
- Plan to remediate the CISO’s personal competency gaps.
- Plan to cultivate CISO’s key stakeholder relationships.
- Plan to remediate security process and technology gaps.
|2.1||CISO Core Competency Evaluation Tool||
|2.2||CISO Stakeholder Management Strategy Template||
|2.3||Security Process and Technology Maturity Assessment Tool||
|2.4||CISO Development Plan Template||
Build a Security Awareness and Training Program
Exploit Disruptive Security Trends for 2015
Develop and Deploy Security Policies
Build a Security Governance and Management Plan
Hire or Develop a World-Class CISO
Build an Information Security Strategy
Optimize Security Operations without Overspending
Develop and Implement a Security Incident Management Program
Implement and Optimize an Effective Security Management Metrics Program
Develop a Network Security Roadmap to Lower Incident Costs and Increase Efficiency
Secure Critical Systems and Intellectual Property Against APT
Ensure Cloud Security in IaaS and PaaS Environments
Comply with the Security Requirements of HIPAA or SOX
Defend Against Ransomware
Develop a User Management Strategy
Exploit Disruptive Security Trends in 2016
Improve Information Security Practices in the Small Enterprise
Manage Security Mitigation Effectiveness
Manage the Budget to Optimize Security Spending
Develop and Optimize Threat Intelligence on a Budget
Manage Security Outsourcing