CISO 2.0 Training and S-ISME Exam
Align security with business. The different ways security can be structured in an organization, the impact on the CISO role, mandate and stakeholder influencing strategies.
Identify major flaws in security organization design. Understand the crucial role of Security Operating Models as the bridge between strategy and execution. Practice alignment with value driven strategies and operating models from business and IT.
Govern, align and lead cyber security into an organization. Create strong allies with compliance and assurance to have everything in line with regulatory and legal requirements.
Position the CISO as a trusted strategic advisor.
Lead cyber security vs being led (as mostly done today).
Create an inventory of your business and IT strategy.
Practice effective Risk Management, countervailing powers in an organization, successful implementation of risk management and responsibilities in a 3 lines of defence model.
Practice the impact of an agile way of working on the security organization and controls.
Practice cybersecurity strategy development as a change management process to develop an implementable information security plan with realistic targets and goals. Define resource planning and budgets. Create a business case.
Manage information security in operations, programs, projects, supply chains, geographical locations, business units and in an agile organization.
Practice C-Level involvement. Report to the board and external stakeholders. Obtain a seat on the board. Define relational mechanisms, how to discuss with board members / CEO in an informal manner.
Evaluate the cyber function in the context of Risk Appetite, the role of digital transformation and Maturity levels in different types of organizations. Evaluate typical CISO Leadership competences and opportunities to grow. Identify your leadership style and create your personal development plan.
Define a problem to solve for your organization. Walk away from the course with a strategic plan and a personal development plan.
Day 1 - Security organization, CISO Role and Maturity
- Security Organization Design
- Operating Models: The DNA of your Security Organization
- Security Governance Models
- Building your team
- Business alignment exercise
- CISO Role, Mandate & Stakeholders
Day 2 - Leadership
- CISO Leadership Theories
- Personal competencies and leadership, KYS
- CISO Interfaces
Day 3 - Govern, align and organize Security
- Business aligned security
- Effective risk management
- Security in an agile organization
Day 4 - Strategy: Cybersecurity as a change management process
- Cybersecurity as organizational change
- Tactics for creating urgency
- Tactics for identifying and tackling roadblocks
- Tactics for short-term goals and achievable steps
- Balancing incidents and structural change for impact
- Tactics for keeping up the momentum
Day 5 - Managing Security, Security Finance & C-Level engagement
- Managing Security in Operations
- Security Finance
- Reporting to the Board
- What’s on the Board’s mind?
- Presenting Information Security
The CISO 2.0 Program facilitates the growth path towards a Cybersecurity Leader who acts as a partner for business, adding the roles of Leader, Strategist and Change Manager to the Expert role. Developed by a group of renowned security leaders and reviewed by an industry veteran who advises Board Members, this program offers a unique blend of the security, leadership, change management and business skills required from the modern CISO.
Certification from SECO-Institute: Information Security Management Expert Title (S-ISME)
The CISO 2.0 Program prepares for the highest certification within SECO-Institute's information security track. The certification is granted based on the successful completion of an assignment that participants will be working on during the course of the program. The case or strategy should ideally bring value to the company where the student is employed. The program has been set up in such a way that participants can integrate their homework assignments for each day immediately in their final paper that they must submit.
Who is this training for?
Typical participants include but are not limited to CISOs, information security officers, (cyber)security managers, security consultants, security operations managers, information technology risk managers, information technology governance managers and risk advisories that integrate this course in their talent programs for high potentials.
The program also attracts CIOs, IT managers and cyber risk owners from business, adding further value to group dynamics.
Participants are expected to have 2 years of experience at the tactical level, a solid understanding of Governance and Risk, and familiarity with Maturity Models and Frameworks. Previous trainings could include CISSP, CISM, S-ISP, C|CISO.
The program requires a general level of seniority, an open personality and mindset, and the willingness to continuously challenge and improve yourself. The success of the program relies on group dynamics and enabling you to connect, work with and learn from your peers.