Download as PDF, PPTX
Uploaded byPriyanka Aash
The five secrets of high performing cisos
This document discusses strategies for chief information security officers (CISOs) to improve their performance and impact within their organizations. It outlines five secrets of high-performing CISOs: embracing the role of change agent, not waiting to be invited to key processes, building a cohesive cybersecurity team rather than just a technical one, communicating the value of security to the business, and recognizing that improving organizational engagement is a long-term process. The document also describes models for assessing technical excellence and organizational engagement, and provides recommendations for CISOs to develop practices in both areas over time.
More Related Content
Similar to The five secrets of high performing cisos
The five secrets of high performing cisos
- 1. SESSION ID:SESSION ID: #RSAC TheFive Secrets of High- Performing CISOs CXO-T10
- 2. #RSAC Helping shift thebalance of power in the cyber war since 2001 Institute for Applied Network Security 2
- 3.
- 4. #RSAC Lead your organization toadopt safe business practices 4
- 5. #RSAC You have toLead WITHOUT Authority pssst!
- 6. #RSAC CISO Impact Data:Leading Without Authority “With key allies we have finalized risk stewardship policies for business leaders.”
- 7. #RSAC 7 Big Idea forInfosec Leadership CISO Impact™
- 8. #RSAC Technical Excellence CISO Impact™ 8 BigIdea for Infosec Leadership
- 9. #RSAC Technical Excellence AND OrganizationalEngagement CISO Impact™ 9 Big Idea for Infosec Leadership
- 10. #RSAC Why Technical Excellence? cloud NIST ISO visibility:SIEM, SOC incident response insider threat advanced threat Pen testing active defense safecoding endpoint protection Threat intelligence talent desert malware 10
- 11. #RSAC Why Organizational Engagement? policy audit riskprofile board presentation difficult conversations communication stakeholders accountability assessments and the CISO reports to… security awareness businessskills budgets Negative employment rate 11
- 12. #RSAC Focus on: 7Factors of Organizational Engagement 12
- 13. #RSAC Factor 1: Gain Commandof the Facts 13
- 14. #RSAC Factor 2: Get theBusiness to Own Risk 14
- 15. #RSAC Embrace the Change AgentRole pssst!
- 16. #RSAC Data: Embrace theChange Agent Role Our team has quarterly “engagement” goals that involve face-to-face meetings with all lines of business and IT teams, and the CISO has a goal to “engage up” in the organization. 3 of 4 High Performers 1 in 20 Low Performers “We systematically and proactively engage stakeholders at all levels…”
- 17. #RSAC Factor 3: Embed into KeyProcesses 17
- 18. #RSAC Don’t Wait tobe Invited to the Party pssst!
- 19. #RSAC CISO Impact Data:Don’t Wait to Be Invited In “…we’ve run simulations and mock attacks at executive offsites.”
- 20. #RSAC Factor 4: Run InfoSecLike a Business 20
- 21. #RSAC Factor 5: Technical &Business Capable Team 21
- 22. #RSAC Build a Cohesive CyberCadre – Not Just a Team pssst!
- 23. #RSAC CISO Impact Data:Build a Cyber Cadre 84% of High Performers 1.4% of Low Performers “…got the right people, on the path to a cohesive team.”
- 24.
- 25.
- 26. #RSAC Two Models –Two Diagnostics 8 Domains of Technical Excellence 7 Factors of Organizational Engagement 25 Question Diagnostic 50 Question Diagnostic 26
- 27. #RSAC CISO Impact Quotient(CIQ) TechnicalExcellence Organizational Engagement 27 What’s Your CIQ? Foundational High Foundational Transitional High Transitional Executive Foundational High FoundationalTransitional High TransitionalExecutive
- 28. #RSAC It’s a 5to 7 Year Journey to High Impact pssst!
- 29. #RSAC Organizational Engagement –Next Practices Foundational Program 29
- 30.
- 31. #RSAC 31 Organizational Engagement –Next Practices Transitional Program
- 32. #RSAC 32 Organizational Engagement -Dataset High Transitional Program
- 33. #RSAC 33 Organizational Engagement -Dataset Executive Program
- 34. #RSAC 34 Technical Excellence –Next Practices Foundational Program 2.Softwareand VendorSecurity
- 35. #RSAC 35 Technical Excellence –Next Practices High Foundational Program 2.Softwareand VendorSecurity
- 36. #RSAC 36 Technical Excellence -Dataset Transitional Program 2.Softwareand VendorSecurity
- 37. #RSAC 37 Technical Excellence -Dataset High Transitional Program 2.Softwareand VendorSecurity
- 38. #RSAC 38 Technical Excellence -Dataset Executive Program 2.Softwareand VendorSecurity
- 39. #RSAC 39 Technical Excellence +Organizational Engagement Softwareand VendorSecurity
- 40. #RSAC Five Secrets ofHigh Performing CISOs You Must Lead Without Authority Embrace the Change Agent Role Don’t Wait to Be Invited to the Party Build a Cohesive Cyber Cadre Not Just a Team It’s a 5-7 Year Journey to High Impact
- 41. #RSAC Lead your organization toadopt safe business practices 41
- 42. #RSAC Action Plan Invest 60minutes (30 + 30) and take both diagnostics at: Get YOURTechnical Excellence and Organizational Engagement reports Embark on your data-driven journey to information security leadership https://rsa2017.iansresearch.com 42
- 43. #RSAC Questions? Phil Gardner, Founderand CEO pgardner@iansresearch.com Stan Dolberg, Chief Research Officer sdolberg@iansresearch.com 43