The CISO Mentor

Recommendations

Info

Practical Application: You now lead the entire Governance,Risk, and Compliance organization reporting to the CISO. You gothere by being a compliance expert, and along the way, you likelylearned key concepts of governance and risk too. Now, although yourely on your direct reports to be experts, you also have a seat at theCISOs table with your peers. In this position, you will be expectedto set larger strategic objectives for the information security teamthat cross into security operations and identify/access management.You will do well, because your professional education along thisjourney has exposed you to many different components of aninformation security program. You’ve also built a wide network ofprofessionals within the information security organization andindustry, and that is now serving you well. Now, if not already, youwill need to understand how the organization works as a whole anddevelop relationships with leaders in those areas.CISOYou’ve made it! After years of hard work, you’ve made it toyour goal of being a CISO. Your focus now will certainly be lesstechnical and much more strategic in nature. Another large changeyou’ll immediately notice is that you are now part of the topleadership cadre in the company. As such, you’ll be expected toparticipate in strategic planning on nearly all facets of the business.By now, you should be very familiar with your company’s financialinformation, risks, growth strategies, market opportunities, andweaknesses. While you’ll still be graded according to informationsecurity ‘scorecards,’ you’ll also be more and more held accountableto being graded according to the financial growth of theorganization; in other words, you’re a key stakeholder in thedirection of the company. Your focus will be to ensure you have astrong leadership team implementing short- and medium-terminformation security objectives so you can focus on larger issues. A12
key component to this is ensuring they are well resourced withheadcount and initiative funds to ensure your organization is wellprotected against an agile and ever-evolving cyber threat adversary.No longer will the month- or year-long horizon be your limit. Youshould now be focused on multi-year strategies and ensuringcontinued organizational support, culturally and financially.Practical Application: The Board of your manufacturing firmis interested in increasing revenue by ensuring customers have inhouseoptions to finance their large purchases. The decision hasbeen made to purchase a financial services firm to implement justsuch an option. As CISO, you’ll need to strategically plan for theimpact to your current team. What are the differences in regulationwith a financial services firm? How should the information securityteam be aligned in your current organization, post-acquisition? Whatcapabilities do you now have that can take the place of the acquiredteam’s capabilities? How mature is the new team? All of thesequestions force key strategic decisions that you’ll need to make, andthen convince the Board to agree to, in order to make the acquisitionsuccessful. As an example, since you’ve become a trusted leader inthe firm over the years, you successfully argue that you needadditional resources focused on financial systems compliance, aswell as a deputy CISO whose job is to act as the CISO of the newlyacquired firm.13
Page 2 and 3: PRAISE FOR THE BOOK“Twelve years
Page 4 and 5: Copyright © 2021 by Zartech, Inc.A
Page 6 and 7: ContentsSection 1 - For those start
Page 8 and 9: then you should make a commitment t
Page 10 and 11: As well, you receive high performan
Page 14 and 15: Helpful LessonsFigure 1: Leadership
Page 16 and 17: 7. “Yes, if…” Don’t be the
Page 18 and 19: Chapter 2.2THE UNEXPECTED ROLES OF
Page 20 and 21: also began to find the joy of worki
Page 22 and 23: Something I did not expect as a CSO
Page 24 and 25: So, why as a CISO, do you need to b
Page 26 and 27: Humans are the greatest cyber relat
Page 28 and 29: Spending time with your stakeholder
Page 30: 30

The CISO Mentor

Create successful ePaper yourself

Delete template?

Save as template?