Patrick Angel - Interim CISO / Enterprise IT Security - CISSP® CISM® CRISC® CISA®
www.RandomAccessTechnology.com
(214) 517-3086
Presenting Security Programs to Senior Management (CxO’s)
Proposal / Why are we doing this? (what’s the Value Proposition..?)
• What’s the History / driving‐factors… (provide perspective)
• Is this Regulatory? Or Market‐based?
• Due to Competition? Is there New‐Technology / an Opportunity?
• To Avoid (excessive) Risk / a Lawsuit?
• Be sure to Tie Project(s) / Program to (supporting) Bus. Objectives
For customers of Random Access Technologies, Inc. only - Patrick Angel, CISM® CRISC® CISA®
What is the Risk to the Company? (what’s the Value Proposition..?)
• What is the Risk? Is it Revenue or Financial Loss?
  ‐‐ (list it in specific dollars – 30% of $600MM ‐ $200MM)
• Is there the Risk of a Lawsuit..? What’s the Probability..?
• Is there the Risk of Loss of Business / Partners..?
• Is there the Risk of Bad‐Press / Media Coverage..? (e.g. stock drop)
Use a Heat-Map / Risk-Cube to reflect the overall Risk
Capital COST(s) and / or Expenses (CAP-EX vs OP-EX)
• What’s the Cost (both Short‐Term and Long‐Term)?
• Be sure to include Staff / FTE and misc‐Expenses (travel / training)
• Is there Hardware or Software involved..?
• Include Licenses and maintenance / upgrade costs
• Issue RFP and get a minimum of 3 Vendors’ Quotes to compare
• Startup Purchase‐Costs / Investment goes against Capital Costs (Cap‐Ex) for Proposal – then Depreciation, Taxes, etc.
• Yearly ongoing (Operational – Op‐Ex) Costs go into Annual Budgets
• Be sure to provide some measure of the Return (payback) / Internal Value
• If difficult to measure, compare the cost of a Lawsuit or Fines against Project costs
Project(s) Execution and Reporting (Provide enough info to show Management that project is well-run)
• Keep It Simple – Less is More once Project‐Reporting starts
• Build the initial Work‐Breakdown‐Structure (WBS or ‘the Plan’) with realistic dates and Resources, with some slack time for ‘unforeseen’ events, but do not waste resources to ‘manage the plan’
• Report Weekly – include: Budget‐to‐Date, any Change‐Orders and most importantly – MILESTONES and Issues / Risks to ALL Stakeholders
• High‐Level Timeline w/major Milestones and Key‐Dates shows the Project is being ‘Tracked’ and inspires confidence
[Figure: sample high‐level project timeline, SEPTEMBER to NOVEMBER, weekly columns 7‐Sep through 30‐Nov. Rows: Project 1 ‐ Main (1 of 3 components done), Network Upgrade, DESKTOP Configuration, E‐Commerce ReDeploy, Database Standards, CSIRT Program Procedures, GRC Software Implement, IdM / RBAC Project, MyMatrix (incl CANADA modules). Milestones: RFP Issue, Review Results, Select Vendor, Start Roll‐out, PEN‐Testing, Validate PCI Docs.]
Recommendations for Success (Don’t forget that PEOPLE make Process and Technology work…)
• Discuss / get Feedback from the ‘Business’ and other Mgmt members, then update your presentation / numbers
  ‐‐ In effect, you are gaining ‘buy‐in’ from your peers, making them ‘Partners’ in your Project
• Be sure to ‘sell the Benefits’ of your Project / Results to help Change / challenge old Mindsets / ‘Paradigms’
• Bring in an ‘Outside Expert’ consultant for the Project / Change and help to guarantee success…
• Publish ongoing Progress, celebrate Milestones and Announce the Project / Program’s End & Final Results, give thanks to Stakeholders
Get Started Now…
‘…Chance favors the prepared Mind’
www.RandomAccessTechnology.com
(214) 517-3086
About the Author
Copyright® 2018 - For customers of Random Access Technologies, Inc. only.
Patrick Angel
• Roles: Interim CISO / Director PMO / Enterprise I‐T
Security‐Architect / Risk‐Management and Compliance Manager
• Areas: PCI, SOX, GLBA Privacy, Project‐Auditing, Application‐Security
Testing and Secure Development (SDLC)
• Education
– Bachelors in Information Systems (MIS)
• Dean’s List and Honor’s List
– Masters Business Administration (MBA)
• Years of Experience
• 20+ years in Information Systems
• 15+ years of P/M, SDLC and Governance, Risk and Compliance
• Hands‐on Software Developer, Application‐Testing, I‐T Auditing
• Certifications and Associations include ‐
