Last summer, consultancy Deloitte launched a series of one-day educational programs for chief information security officers joining a new organization or individuals who are becoming a CISO.

Called the CISO Transition Lab and built off of two other labs for CIOs and CFOs, it is appropriate for information security professionals across multiple industries. More than 25 CISO labs were held last year. Those labs revealed that CISOs on average spend 77 percent of their time as technologists and guardians, rather than advisors and strategists.

In 2015, the program expanded with three to five labs monthly. And, it is free. Most participants are Deloitte clients, but others are also welcome.

The goal is to help CISOs who are joining a new company or moving into the position for the first time hit the ground running and focus on strategic issues rather than running from crisis to crisis, says Rick Siebenaler, a principal at Deloitte’s cyber risk services unit. Existing CISOs can also attend, as the topics remain relevant for them, and some have brought their direct report to the lab.


Labs are customized: Deloitte interviews stakeholders to get an understanding of the organization and make each lab more appropriate for the operations and politics within it.

Topics covered during a lab typically include developing an action plan to make progress on initiatives, how to look over the horizon at new issues while still putting out fires, setting direction for themselves and the team, learning how to have stakeholder relationships, setting priorities, and how to better communicate with team members and leadership.

According to Deloitte, CISOs must play four roles at the same time:

Strategist: Drive business and cyber risk strategy alignment, innovate and instigate transformational change to manage risk through valued investments;

Advisor: Integrate with the business to educate, advise and influence activities with cyber risk implications;

Guardian: Protect business assets by understanding the threat landscape and managing the effectiveness of the cyber risk program; and

Technologist: Assess and implement security technologies and standards to build organizational capabilities.

In short, attendees learn how to step back and see what needs to be done to be a strategist for the business, Siebenaler says. Deloitte also checks in later with students following a lab to see how they are progressing.

This article courtesy of Information Management's sister brand, HealthData Management.
