The role of the Chief Information Security Officer (CISO) is quickly becoming more important as cybersecurity in general becomes more intertwined with companies’ business activities. Our CISO mentoring has had dramatic effects on the performance of individuals and has improved organizational success. We help newly-minted CISOs embrace their organization’s strategic vision, enable products and services, build executive presence and define the steps necessary to improve Cybersecurity across the organization.
Additionally, we work with companies to review their organizational structure, data protection needs and compliance requirements to establish proper Cybersecurity leadership. We have successfully guided organizations to define the commitment, clarity and accountability required of an effective CISO and the cybersecurity program he or she is charged with leading.
“Our big new prospect wants to understand our Data Security posture. What do we tell them?”
Generally speaking, this question launches many organizations on the journey to structuring their approach to data security. Often the core building blocks of a sound data security program are in place, but they have not been organized into a cohesive information security management system.
Since Ken has built cybersecurity programs from scratch, he has the ability to guide organizations to:
“I’ve just been put in charge of Information Security. What do I do now?”
The typical newly-minted Information Security Officer is promoted from a senior IT position and has superior technical skills. But often there is no roadmap for building out an information security office in a rapidly growing organization. Moreover, the skills required to lead information security are vastly different from those required for IT engineers.
Given Ken’s deep background, he helps guide the ISO to:
As a trusted advisor, Ken has developed a clear understanding of the information security and information privacy needs of growing businesses. His core belief is that businesses can enhance their overall financial and marketing performance by improving their cybersecurity posture. He believes this is accomplished by involving employees at all levels of the organization who work together to create an environment of control and safety which is then effectively communicated to prospects, customers and investors.
Ken has integrated enterprise information security strategies with overall enterprise strategic plans. He has created the security architecture vision, capabilities and solutions with teams of stakeholders throughout numerous organizations. His models have extended traditional security architectures and standards to the cloud, assuring that modern cloud-based workloads on AWS, Azure, etc. are protected by the same rigorous controls as on-premises systems.
Ken has helped organizations achieve organizational compliance with ISO27001, SOC1, SOC2, PCI-DSS and GDPR standards while overseeing the planning and timely execution of the security program portfolio, including budget and resource prioritization required to achieve that compliance.