This document discusses strategies for chief information security officers (CISOs) to improve their performance and impact within their organizations. It outlines five secrets of high-performing CISOs: embracing the role of change agent, not waiting to be invited to key processes, building a cohesive cybersecurity team rather than just a technical one, communicating the value of security to the business, and recognizing that improving organizational engagement is a long-term process. The document also describes models for assessing technical excellence and organizational engagement, and provides recommendations for CISOs to develop practices in both areas over time.
16. #RSAC
Data: Embrace the Change Agent Role
Our team has quarterly “engagement” goals that involve face-to-face meetings with all lines of business and IT teams, and the CISO has a goal to “engage up” in the organization.
3 of 4 High Performers
1 in 20 Low Performers
“We systematically and proactively engage stakeholders at all levels…”
26. #RSAC
Two Models – Two Diagnostics
8 Domains of Technical Excellence
7 Factors of Organizational Engagement
25 Question Diagnostic
50 Question Diagnostic
27. #RSAC
CISO Impact Quotient (CIQ)
What’s Your CIQ?
Figure: axes Technical Excellence and Organizational Engagement, each scaled Foundational, High Foundational, Transitional, High Transitional, Executive.
40. #RSAC
Five Secrets of High Performing CISOs
You Must Lead Without Authority
Embrace the Change Agent Role
Don’t Wait to Be Invited to the Party
Build a Cohesive Cyber Cadre Not Just a Team
It’s a 5-7 Year Journey to High Impact
42. #RSAC
Action Plan
Invest 60 minutes (30 + 30) and take both diagnostics at: https://rsa2017.iansresearch.com
Get YOUR Technical Excellence and Organizational Engagement reports
Embark on your data-driven journey to information security leadership