CISO Mentoring
for individuals
and organizations
Ken
Leeser
The role of the Chief Information Security Officer (CISO) is quickly becoming more important as cybersecurity in general becomes more intertwined with companies’ business activities. Our CISO mentoring has had dramatic effects on the performance of individuals and has improved organizational success. We help newly-minted CISOs embrace their organization’s strategic vision, enable products and services, build executive presence and define the steps necessary to improve Cybersecurity across the organization.
Additionally, we work with companies to review their organizational structure, data protection needs and compliance requirements to establish proper Cybersecurity leadership. We have successfully guided organizations to define the commitment, clarity and accountability required of an effective CISO and the cybersecurity program he or she is charged with leading.
Information Security Leadership Challenges
For Organizations
- When do we need a dedicated security leader?
- What are the qualities of a strong security leader?
- What compliance audits should we undergo?
- How do we assess the risks of Third Parties who are integral to our business?
- How do I prepare for a potential data breach?
For Individuals
- What does management expect of me?
- How do I balance security obligations with business imperatives?
- How do I guide change in the organization?
- How do I inspire staff to respect security protocols?
- How do I get budget for security tools?
CyberMentoring for the Growing Businesses
“Our big new prospect wants to understand our Data Security posture. What do we tell them?”
Generally speaking this question launches many organizations on the journey to structuring their approach to data security. Often the core building blocks of a sound data security program are in place but they have not been organized into a cohesive information security management system.
Since Ken has built cybersecurity programs from scratch, he has the ability to guide organizations to:
- Identify if there is a need to hire a dedicated security leader.
- Review which compliance audits would create the most benefit.
- Determine if system and IP assets are adequately secured.
- Evaluate the organization’s cybersecurity strategy to see if it is aligned with its business objectives.
- Assess if the organization is spending appropriately on security priorities.
- Assess if the organization would be able to detect a breach and if it has the structure to respond effectively
- Determine if the cybersecurity area has access to adequate resources.
- Compare the organization’s security program to that of its peers.
CyberMentoring for the Information Security Leader
“I’ve just been put in charge of Information Security. What do I do now”
The typical newly-minted Information Security Officer is promoted from a senior IT position and has superior technical skills. But, often there is no roadmap for building out an information security office in a rapidly growing organization. Moreover, the skills required to lead information security are vastly different from those required for IT engineers.
Given Ken’s deep background he helps guide the ISO to:
- Develop a business case for investing in cybersecurity and risk management.
- Inform and influence senior executives to commit to obtaining and maintaining this investment.
- Oversee the planning, acquisition and evolution of secure infrastructures.
- Assess the impact of security policies and regulatory requirements on systems and organizational objectives.
- Identify and implement compliance priorities.
- Communicate effectively with customers and prospects.
About Ken
As a trusted advisor, Ken has developed a clear understanding of the information security and information privacy needs of growing businesses. His core belief is that businesses can enhance their overall financial and marketing performance by improving their cybersecurity posture. He believes this is accomplished by involving employees at all levels of the organization who work together to create an environment of control and safety which is then effectively communicated to prospects, customers and investors.
Ken has integrated enterprise information security strategies with overall enterprise strategic plans. He has created the security architecture vision, capabilities and solutions with teams of stakeholders throughout numerous organizations. His models have extended traditional security architectures and standards to the cloud assuring that modern cloud-based workloads on AWS, Azure, etc. are protected by the same rigorous controls as on-premises systems.
Ken has helped organizations achieve organizational compliance to ISO27001, SOC1, SOC2, PCI-DSS and GDPR standards while overseeing the planning and timely execution of the security program portfolio including budget and resource prioritization required to achieve that compliance.