Hire or Develop a World-Class CISO

Find a strategic and security-focused champion for your business.



Your Challenge

  • CEOs/CXOs are looking to hire or develop a senior security leader and aren't sure how to identify the best candidate.
  • Organizations are looking to optimize their security plans, and move from a tactical position to a more strategic one.

Our Advice

Critical Insight

  • The Chief Information Security Officer (CISO) you choose must be empowered to integrate with the business and become an enabler of business processes.
  • To be successful, there are three primary tasks that a world-class CISO must master:

1. Aligning security controls with business requirements

2. Fostering a risk management culture

3. Managing talent and change

Impact and Result

  • Hire the right person for the job who will also address your specific organizational needs.
  • Create a high-altitude view of your CISO’s competencies and your information security process and technology gaps, and use these to form an action plan.
  • Empower your CISO to be a strategic partner to the business and to enable new business processes.


  • Mark Lester, Information Security Manager, South Carolina State Ports Authority
  • Kyle Kennedy, CISO, CyberSN.com
  • Elliot Lewis, Vice President Security & Risk, Info-Tech Research Group
  • James Miller, Information Security Director, Xavier University
  • Jeffrey Gardiner, CISO, Western University
  • Candy Alexander, GRC Security Consultant, Towerall Inc.
  • Chad Fulgham, Chairman, PerCredo
  • Brian Bobo, VP Enterprise Security, Schneider National
  • Lisa Davis, CEO, Vicinage
  • Tim Tyndall, Systems Architect, Oregon State
  • Joey LaCour, VP & Chief Security, Colonial Savings
  • Robert Banniza, Senior Director IT Center Security, AMSURG
  • Karla Thomas, Director IT Global Security, Tower Automotive
  • Andrew Maroun, Enterprise Security Lead, State of California
  • Luis Brown, Information Security & Compliance Officer, Central New Mexico Community College
  • Kevin Warner, Security and Compliance Officer, Bridge Healthcare Providers
  • Ian Parker, Head of Corporate Systems Information Security Risk and Compliance, Fujitsu EMEIA
  • Diane Kelly, Information Security Manager, Colorado State Judicial Branch

Get the Complete Storyboard

See how all the steps you need to take come together, with tools and advice to help with each task on your list.


Get to Action

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should hire or develop a world-class CISO, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

  1. Launch

    Understand the core competencies required to be a successful world-class CISO and identify which competencies are a priority for the organization.

  2. Assess

    Evaluate CISO candidates to hire or develop the right CISO for organizational needs, and understand the CISO's stakeholder relationships.

  3. Plan

    Evaluate the new CISO's security program and create a plan to close any security and competency gaps.

  4. Execute & maintain

    Implement the plan and schedule time to reassess the progress of the CISO and security program.

Guided Implementation

This guided implementation is an eight-call advisory process.

  Guided Implementation #1 - Launch

    • Call #1: Review and discuss the CISO core competencies list, and what an effective CISO can do for your organization

    • Call #2: Have a dedicated results call to discuss your Security Business Satisfaction and Alignment Diagnostic

  Guided Implementation #2 - Assess

    • Call #1: Discuss the CISO Core Competency Evaluation Tool, and review organizational needs

    • Call #2: Review competency gaps and stakeholder relationships, and set priorities for your organization

  Guided Implementation #3 - Plan

    • Call #1: Complete and review results from your Security Process and Technology Assessment Tool

    • Call #2: Create a plan to remediate competency and security gaps, and improve stakeholder relationships

  Guided Implementation #4 - Execute & maintain

    • Call #1: Discuss and create your CISO Development Plan, and track your development

    • Call #2: Make a plan to revisit this process, and reassess your CISO and security plan in the future

Onsite Workshop

Module 1: Assess Core Competencies and Security Process & Technology Maturity

The Purpose

  • Understand the competencies and tasks required of a world-class Chief Information Security Officer (CISO) and which areas should be a priority for your organization.
  • Create a high-altitude view of your security process and technology maturity.

Key Benefits Achieved

  • Identify the competencies that are most important to your organizational needs.
  • Understand current maturity of security processes and technologies, and which areas need remediation.

Activities: Outputs:
1.1 CISO Core Competency Evaluation Tool
  • Key competencies for organizational needs
  • Insights for hiring guide
1.2 Security Process and Technology Maturity Assessment Tool
  • List of priorities to upgrade security processes and technologies
1.3 CISO Stakeholder Power Map Template
  • Understanding of CISO’s stakeholder relationships and collaborators
1.4 Security Governance Organizational Structure Template
  • Proposed organizational chart and map of responsibility assignment for security tasks and initiatives

Module 2: Assess CISO Candidates and Develop a Hiring and Development Strategy for Your New CISO

The Purpose

  • Create a plan to hire the new CISO.
  • Establish an action plan for this person to remediate organizational security processes and technologies, as well as personal competencies and relationships.

Key Benefits Achieved

  • Guide for the CEO/CXO to hire the new CISO and assess personal competencies.
  • Plan to remediate the CISO’s personal competency gaps.
  • Plan to cultivate CISO’s key stakeholder relationships.
  • Plan to remediate security process and technology gaps.

Activities: Outputs:
2.1 CISO Core Competency Evaluation Tool
  • Interview guide for CISO competency priorities
  • Action plan for CISO to remediate personal competency gaps
2.2 CISO Stakeholder Management Strategy Template
  • Action plan for CISO to improve key stakeholder relationships
2.3 Security Process and Technology Maturity Assessment Tool
  • Action plan for CISO to remediate security process and technology gaps
2.4 CISO Development Plan Template
  • Creation of CISO Development Plan

Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
