Information Security Management Expert

5 days

SECO’s flagship CISO leadership course

The CISO job is no longer just to protect against threats and manage risk; they are now expected to play a crucial role in managing brand perception, employee engagement and the strategic adoption of new technologies driving revenue and further growth. In paradox, the huge paste of digital transformation and scale and complexity of threats has driven demand for the technical security professional to become more business savvy now that security is entering the boardroom level. As a result, the growth path towards becoming a CISO has changed as well and this is exactly what you’ll take away from this course: You’ll be upgrading from managing information security to leading security into the organization, shift from technical and risk based to business aligned security, move from adapting to influencing, from stakeholder management to building strong allies, and dive deep into the management side of security, how business works and why and how security is important for it. Developed by a group of renowned security leaders and reviewed by a veteran that informs and advises Board Members on a daily basis, the course offers a unique blend of the practical-, leadership-, management- and business skills required from the CISO 2.0.

To successfully participate in this course, you should have at least 2 years of experience in implementing and coordinating information security at the tactical level. Prior education could include CISSP, CISM, Information Security Practitioner or similar.

Authors & Lead Trainers

Lies Alderlieste-de Wit
Author & Trainer

Global Director cybersecurity governance at Danone

Chris Wauters
Author & Trainer

Security Transition Manager,
Agile & Security Leadership

Koen Maris
Advisory Board

Cyber Security leader
at PwC Luxembourg

Michael Garceau
Trainer

Senior Risk Manager,
Founder CipherQuest

At a Glance

Expert level

Information Security Management Expert

5 days

Experienced information security professionals looking to lead security in a CISO- or similar role. Existing CISO’s with a technical background that want to learn more about the business, leadership and management side of security. Information security managers, information security officers, senior security consultants.

IT / business / security alignment, the evolution of information security from technology- driven to risk based to business- aligned, the different ways security can be structured in an organization and the impact on the CISO role.

Govern, align and lead cyber security into an organization. Create strong allies with compliance and assurance to have everything in line with regulatory and legal requirements.

Position the CISO as a trusted strategic advisor. Build a strong information security team and organisation with appropriate funding and executive support.

Establish a good relationship with internal and external stakeholders. Lead cyber security vs being lead (as mostly done today). Communication ways, reverse psychology vs direct communication. Create a compelling story instead of denying projects because of security concerns.

Translate strategic information security goals to an information security plan with realistic targets and goals. Define resource planning and budgets. Create a business case.

Manage information security in operations, programs, projects, supply chains,  geographical locations, business units.

Report to the board and external stakeholders.  Obtain a seat in the board, at least once or twice a year. Define relational mechanism’s, how to discuss with board members / CEO in an unformal manner.

Understand the agile organization and agile security.

Syllabus

Day 1 – CISO & The Security Organization

1.1 Evolutions impacting the security organizations:
– IT and the waves of innovation
– The 4 waves of information security
– Regulations
– The Agile organization

1.2. The information security organization, CISO mandate & key stakeholders
– Structures
– Culture, goals, risk appetite, strategic importance of digitalization
– CISO mandate and key stakeholders

1.3. CISO Role and skills
– Secure the organization, protect the brand, drive revenue
– Evolution of the CISO Role
– Key tasks and skills

1.3. CISO Leadership
– Success factors: Go-to business partner, Forward thinker, Change and revenue driver
– Pitfalls: Not listening, Not communicating, IT Mindset, Getting in the way of business
– Crucial leadership skills: Driving change / change agent, People motivator, Trust builder

1.4. CISO Maturity Model and skills assessment
– CIRO Model
– CISO maturity in the context of organization’s (required) maturity
– Level 1 till 5, but there’s no one size fits all
– Where are you at now? Where would you like to be?

Exercises:

  • CISO 2.0 expectations
  • Security organization
  • Stakeholder model, enablers and inhibitors

 

Day 2 – Leadership

1.1. CISO Leadership Theories
– Trait Theories​
– Behavorial theories​
– Contingency theories​
– Power and influence theories
– Ethical leadership
– Transformational leadership
– Agile leadership

1.2. Personal competencies and leadership, KYS
– Know Yourself
– Leadership assessment
– Authenticity, trust and Integrit
– Courage
– Story telling

1.3. CISO interfaces
– Important CISO interfaces
– Driving change building successful teams
– Driving change through building successful relationships with CISO interfaces
– Stakeholder models and influencing strategies

Exercises:

  • Know yourself
  • Find your own voice
  • Leadership assessment and personal development plan
  • Stakeholder models and influencing strategies

Day 3 – Govern, align and organize security

3.1. Business aligned security
– Introduction on business value en business strategy
– Business value strategies
– Business aligned IT and security
– Alignment with IT maturity and existing IT governance

3.2. Effective risk management
– Need for countervailing power in an organization
– Deep dive on effective risk management processes and risk mitigation

3.3. Security in an agile organization
– Introduction agile way of working
– Agile manifesto
– Lead by example: agile security teams
– Impact agile way of working on security

Exercises:

  • Business strategy, IT and security strategy and key governance processes
  • Countervailing powers (group discussion)
  • Risk mitigation and risk acceptance
  • Impact agile way of working on security controls

Day 4 – Information security and risk management strategy

Day 5 – Managing Information Security, Evaluation and Reporting to the Board

Collect your badge of honor

Throughout the duration of the training you will work on an assignment, bringing all that you have learned into practice. Once you turned in your assignment you will take a proctored remote exam where you will be asked to answer questions related to your assignment. After positive evaluation of both your assignment as well as your capability of defending it, you may claim your IMSE- Title. In addition to that and if you can back up your knowledge with sufficient experience, you may also claim the Certified CISO Title, the highest certification in SECO’s Information Security track.

Dates & locations

Online Live

5 days

8 hours a day

Find a Local Training Partner

Organize a class dedicated for your team