At Airiam, I act as Field CISO (vCISO) and Field CIO (vCIO) for clients. Sometimes, I handle both roles. This slide deck is my first meeting with my clients.
vCIO vCISO - Information Technology and Security Strategy.pptx
1. vCIO/vCISO IT and Security Strategy
Monthly Strategy Meetings
by Art Ocain, vCIO/vCISO at Airiam
2. Understand the business and current IT strategy and cyber strategy
• Assess & update current IT and security strategy
• Create & update Information Security Program
• Create & update Disaster Recovery Plan and Incident Response Plan
• Develop Technology Roadmap
• Develop Technology Budget
• Business Alignment
• Improve Business Outcomes
• IT & Security Architectural Design
• IT Risk Management
• IT Change Management
• Ongoing Oversight of IT Initiatives
• Technical Alignment
vCIO Processes vCIO Responsibilities
4. IT Strategic Plan
Think:
• Immediate Needs
• 1 Year Plan
• 3 Year Plan
• 5 Year Plan
  1. Assemble a cross-functional team (IT + Business Leaders)
  2. Understand business strategy and objectives
  3. Assess current state of IT
  4. Identify desired future state
  5. Conduct a gap analysis
  6. Analyze scenarios and strategic options
  7. Define strategic objectives
  8. Create roadmap
  9. Identify success metrics
• Success Metrics
• Roadmap
• Strategic IT Objectives
• Desired Future State
• Current State of IT
• Business Goals
6. Information Security Strategic Plan
Think:
• Immediate Needs
• 1 Year Plan
• 3 Year Plan
• 5 Year Plan
• Assemble a cross-functional team (IT + Business Leaders)
• Understand business strategy and objectives
• Conduct a risk assessment
• Identify compliance constraints
• Select a security framework (NIST CSF, ISO 27001, etc.)
• Select a security architectural model (zero trust, castle-and-moat, defense-in-depth, etc.)
• Identify desired future state
• Conduct a gap analysis
• Analyze scenarios and strategic options
• Define strategic objectives
• Create roadmap
• Identify success metrics
• Success Metrics
• Roadmap
• Strategic Objectives
• Desired Future State
• Framework & Strategy
• Compliance Req’s
• Current State of Infosec
• Business Goals