While recently teaching a class in Washington DC, I had a student, let's call him Anders, share an interesting story. Anders works at a large, global technology company where during a two-day offsite every security leader gave 15-minute presentations about their security teams.
Anders said that every single presenter got crushed, that senior leadership picked apart every single presentation with a variety of questions. Every single presenter got hammered. All except one.
Anders couldn't figure out why that one person's presentation went so well. He racked his brain but couldn't quite piece it together.
This brings us back to Washington DC where Anders and I were now halfway through class. After sharing this story, he said the tools and topics we discussed so far helped highlight exactly what his colleague did right. In 15 minutes, the presenter shared just three slides:
- Business objectives
- Crown jewels
- Roadmap
The presenter started detailing the organization's business objectives by showing a clip of the CEO saying that security is a top priority and listing the reasons why. Then he discussed the organization's crown jewels, i.e., the most important assets and processes for the company and his business unit. Finally, he shared his team roadmap, giving a high-level overview that described how the activities in the roadmap protected the crown jewels and aligned with the business objectives.
CISOs and security leaders are under increased scrutiny and pressure, not only from internal leadership, but also from external requirements like the new SEC rules and NIS 2 changes. There's also a need to keep up with new technologies like Generative AI (GenAI) and Large Language Models (LLMs) to understand what policies and procedures need to be put in place.
It's exactly these topics that we cover in the newly updated LDR514: Security Strategic Planning, Policy, and Leadership. Prepare for your next 15-minute presentation to leadership and see what you should have in your plan by checking out the free course demo.
About the Author
Frank Kim is the CISO-in-Residence at YL Ventures, supporting cybersecurity entrepreneurs with ideation and market research, conducting due diligence for potential investments, and engaging in go-to-market activities of the firm's portfolio companies. He is a SANS Fellow where he leads the Cloud Security and Cybersecurity Leadership curricula to help shape and develop the next generation of security leaders. Previously, he served as the organization's CISO where he led the information risk function for the most trusted source of cybersecurity training and certification in the world. Frank serves as an advisor to numerous security startups and authors and teaches courses on CISO leadership, strategic planning, DevSecOps, and cloud security. Frank is also the author and instructor of LDR512: Security Leadership Essentials for Managers, LDR514: Security Strategic Planning, Policy, and Leadership, and co-author of SEC540: Cloud Security and DevSecOps Automation. Learn more about Frank Kim.