CISO 2.0 Program
Advanced CISO training & certification with hands-on practice for the future's security leaders
What will you learn?
- Align security with the business. Understand the ways security is structured in different organisations and how organisational structure impacts the CISO role and mandate. Gain insight into stakeholder influencing strategies.
- Govern cyber security. Create strong allies with compliance and assurance departments to ensure compliance with regulatory and legal requirements.
- Position the CISO as a trusted strategic advisor. Build a strong information security team and organisation with appropriate funding and executive support.
- Lead cyber security. Establish cyber security as a change management process. Use effective communication strategies to present information security as a business enabler.
- Translate strategic goals to an implementable information security plan with realistic goals and targets. Define resource planning and budgets, and build a compelling business case.
- Manage information security in operations, programs, projects, supply chains, geographical locations, business units and in an agile organisation.
- Report to the board and external stakeholders. Get a seat on the board and engage with board members/CEOs in the most effective way.
- 10 days, 7pm – 11pm CEST
- 8 hours self-study between contact days
- 1 CPE credit per study hour
“I was enrolled in the 2022 global CISO 2.0 course and I experienced outstanding overall professionalism from the onset of the course, all through to its conclusion. I was drawn to the modular and online nature of the course and could easily balance other commitments. Being a student through this course, enabled me to meet other Information Security professionals globally and offered me a sterling networking opportunity to exchange ideas, thoughts, and experience on how to navigate through the cybersecurity landscape. It also offered me the extraordinary opportunity to be mentored and taught by the sheer genius of the cybersecurity world, whose experience and wisdom in the practicalities of the subject matter was immensely valuable. I would highly recommend this course to anyone wanting to enhance their cyber security acumen, and networking opportunities complemented by an academic qualification via an educational institute of outstanding repute.”
CISO 2.0 Program – Advanced CISO training for the future’s security leaders
This CISO 2.0 Program was developed by practicing CISOs and other high-level security leaders to equip you with the leadership, management and business skills needed to succeed as a modern CISO.
The CISO’s role is no longer limited to protecting against threats and managing risks. Today’s CISOs are expected to play a crucial role in managing brand perception, employee engagement and the strategic adoption of new technologies driving revenue and business growth. The acceleration of digital transformation and the broadening scale and complexity of threats require CISOs to become more business-savvy as cyber security is entering the boardroom. The modern CISO is as much a cyber security expert as a cyber security leader, business partner, strategist and change manager.
The CISO 2.0 Program was designed to address the evolution of the CISO role: to enable the future’s security leaders to understand how business works and to articulate how security can drive business value. This advanced CISO training will take you on a growth path to thrive as a modern CISO – to shift from managing security to leading security, from technical and risk-based security to business-aligned security, and from adapting security to the business to influencing stakeholders and building strong allies. Developed by a group of renowned security leaders and reviewed by an industry veteran who advises board members on a regular basis, the CISO 2.0 Program offers a unique blend of the practical leadership, management and business skills required from the modern CISO.
Develop your personal CISO leadership skills and bring value to your organisation
The CISO 2.0 Program has a strong personal focus to ensure your training will have immediate benefits for you and your organisation. At the beginning of the course, you will define a strategic problem you would like to solve to bring value to your organisation (such as making strategic changes in security organisation design, culture and governance, or building a compelling business case for a strategic security innovation). Throughout the course, you will gain the skills and practical insights necessary to work out and implement your strategy or business case. At the end of the course, you will fully develop your security business case or strategy with the guidance of your trainers who will help you with insights from their own security leadership experience.
In this CISO 2.0 Program, you will also have the opportunity to assess your own personal CISO skills against a cyber leadership profile. Your trainers will support you in creating a personal development plan to further shape your cyber leadership role.
Is the CISO 2.0 Program for you?
Typical participants of this CISO training include but are not limited to CISOs, Information Security Officers, (Cyber) Security Managers, Security Consultants, Security Operations Managers, Information Technology Risk Managers, Information Technology Governance Managers and Risk Advisors who integrate this course in their high-potential talent programs. The CISO 2.0 Program also attracts CIOs, IT Managers and Cyber Risk Owners from the business, adding additional value to group dynamics. At the end of the day, security needs to know more about business... and business needs to know more about security!
Prerequisites to joining the CISO 2.0 Program
Participants are expected to have 2 years of information security experience at the tactical level and a solid understanding of governance and risk (management). To make the most of this training, you should also be familiar with maturity models and frameworks. Previous trainings may include CISSP, CISM, C|CISO, Information Security Practitioner or similar.
Equally important, the setup of the program requires a general level of seniority, an open personality and mindset, and the willingness to continuously challenge and improve yourself. The success of the program and your training heavily relies on group dynamics and your ability to connect, cooperate and learn from your peers. Are you uncertain if this is the right program for you? Connect with us to get more information.
What is included in the CISO 2.0 Program?
- Official SECO-Institute course materials developed by expert CISOs, completed with reference literature
- 5 days of training from 9am-5pm CET, spread over a period of 4 months
- 2-hour introduction & workshop to help you create your ‘problem statement’
- 1:1 support on your research paper and business case during and after the program
- Guidance and support from an exceptional group of cyber security leaders
- Working in small classes with highly motivated peers
- A validated business alignment strategy/business case
- A personal CISO leadership development plan with opportunities to grow
- Access to the SECO Institute’s international CISO Network and professional community website, where you will find additional resources and exclusive knowledge events.
CISO 2.0 Course Modules
Module 1: The CISO and the Security Organisation
1.1 Security Organisation Design
– Security Organisation design approaches
– Major issues: When you get it wrong…
– Security Operating Model: The DNA of your organisation
– Security Capabilities in the Operating Model
– Security Governance Models
– Discussion: Governance models flaws
– CISO: Inside or outside of IT?
– Aligning the security team with overall business objectives
– Business alignment exercise: Aligning security with business strategies and value-based operating models
1.2. CISO Role, Interfaces and Stakeholders
– CISO Roles: Leader, Strategist, Change Manager, Expert
– Discussion: CISO role, position and mandate
– Major challenges resulting from a lack of executive support and stakeholder alignment
– CISO interfaces and interactions
– Stakeholder analysis based on stakeholder’s influence, involvement in cyber security, approach to cyber and relationships with other stakeholders
– Creating a stakeholder analysis model and goals table. Set the stage for your stakeholder influencing strategy
1.3. CISO Maturity in Leadership
– CISO Leadership in context of the organisation’s risk appetite and maturity
– CIRO Model & NIST
– CIRO Model Components:
1. Different organisation types based on their Risk Appetite and Maturity
2. The Cyber Security Function per maturity level
3. Cultural impact: Challenging, defining and shaping organisational culture
4. Nature of internal relationships, styles of interaction and the CISO’s level of influence
5. CISO Leadership competencies & growth opportunities
– Personal CISO Leadership Assessment
- Aligning security with business strategies and value-driven operating models
- Security Governance Models: How to identify and fix major pitfalls
- CISO Interfaces: Setting the stage for your stakeholder influencing strategy
- CISO Maturity in Leadership: Identify your leadership style and opportunities to grow
Module 2: CISO Leadership
2.1. CISO Leadership Theories
– Trait Theories
– Behavioural theories
– Contingency theories
– Power and influence theories
– Ethical leadership
– Transformational leadership
– Agile leadership
2.2. Personal competencies and leadership, KYS
– Know Yourself
– Leadership assessment
– Authenticity, trust and integrity
2.3. CISO interfaces
– Important CISO interfaces
– Driving change through building successful teams
– Driving change through building successful relationships with CISO interfaces
– Stakeholder models and influencing strategies
- Know yourself
- Find your own voice
- Leadership assessment and personal development plan
- Stakeholder models and influencing strategies
Module 3: Govern, Align and Organise Security
3.1. Business-aligned security
– Introduction to business value and business strategy
– Business value strategies
– Business-aligned IT and security
– Alignment with IT maturity and existing IT governance
3.2. Effective risk management
– Understand countervailing powers in an organisation
– Deep dive into effective risk management processes and risk mitigation
3.3. Security in an agile organisation
– Introduction to the agile way of working
– Agile manifesto
– Lead by example: Agile security teams
– Security impact of the agile way of working
- Business strategy, IT and security strategy and key governance processes
- Countervailing powers (group discussion)
- Risk mitigation and risk acceptance
- Security impact of the agile way of working
Module 4: Information Security and Risk Management Strategy
4.1. Cybersecurity as organisational change
Use organisational change management tactics to implement an information security and risk management strategy
4.2. Tactics for creating urgency
Know the why
Never waste a good crisis
SWOT 2.0 applied to organisation-stakeholder relationship
4.3. Tactics for identifying and tackling roadblocks
– Sources of influence
– CISO addressing friction?
– Personal circles of influence
4.4. Tactics for short-term goals and achievable steps
Articulate your management plan
– Using cyber security maturity models
– Classic Fit-Gap Analysis of a standard
– Communication and KPIs: What is your dashboard?
Breaking the whole down into achievable steps
– Leveraging agile and LEAN methods for cyber security projects and processes
– Leverage your professionals
– Management by objectives / goal setting theory
Balancing incidents and structural change for organisational impact
4.5. Tactics for keeping up the momentum
Organisational learning or learning maturity
Using the 3 Lines of Defense
Integrate different work styles for a unified view of cybersecurity via a control framework
Module 5: Managing Security in Operations
5.1. Security Operations vs. Security in Operations (part 1)
– SIEM, SOC, SOAR
– SECOPS & IT
– InfoSec in Business Ops
– InfoSec in IoT
– InfoSec in industrial environments (ISO62443)
5.2. Security Operations vs. Security in Operations (part 2)
– Challenges of InfoSec (Multi-locations, cloud, etc.)
– 3 lines of Defense versus Dynamic Risk Governance
– Breakout rooms: Translate the models to your own organisation
Module 6: Security Finance
6.1. Finance for non-finance professionals (introduction)
– Public versus private organisations
– Run cost versus change costs
– Capex vs. Opex
– EBIT vs. EBITDA
– Financial Statement vs. P&L
– Financial Management & KPIs
6.2. Creating a financial plan
– Key Elements
– Common pitfalls
– Aligning stakeholder expectations
– Break-out rooms: Create a high-level financial plan to set up a SOC
Module 7: Reporting to the Board
7.1. What is on the Board’s mind?
Presenting Information Security:
– Sources of the report
– Ways of bringing information to the board
– When to report and to whom
– How to align reports with board expectations
– Who are your allies within the board?!
Module 8: Prepare for your assignment and certification exam
CISO 2.0 Certification Exam (Information Security Management Expert)
The CISO 2.0 (Information Security Management Expert) certification exam is conducted by the SECO-Institute, Europe’s leading security and continuity certification body. By passing the certification exam and earning a SECO-Information Security Management Expert (S-ISME) certificate, you demonstrate that you possess the top competencies of a successful information security leader.
At the beginning of the program, you will receive a template for your final assignment (a strategy or business case to implement a change or innovation in your own organisation’s security). The goal of this assignment is to assess your ability to use the skills learnt in the CISO 2.0 Program to grow as a CISO and bring value to your organisation’s security governance or culture. During the course, you will complete smaller assignments before certain lectures and discuss the outcomes in class. These smaller assignments all contribute to your final assignment and can be integrated into your final assignment template as you complete them. We strongly advise you to define your ‘problem to solve’ for the final assignment as early as possible. This way, you can maximise the benefit of each smaller assignment. Equally important, completing the smaller assignments on time will reduce your workload at the end of the course.
1. Define your ‘problem to solve’ for your final assignment early in the program
2. Participate actively in the training and complete all assignments before the given contact day
3. Integrate the theory and practices learnt into your final assignment
4. Submit your assignment to the evaluation board
5. Take the remote online proctored exam with questions related to your assignment
6. Claim your SECO Information Security Management Expert (S-ISME) Certification Title and Digital Badge
7. Add your work experience and get the highest certification: Claim your S-CISO Title and Digital Badge
What are the benefits of an S-ISME or S-CISO certificate?
An S-ISME certificate demonstrates that you possess the knowledge and skills necessary to develop security strategies, guide a security team, and exert influence at the board level. This achievement will give you the confidence to assume a senior information security management role and provide leadership for your organisation. The S-CISO title validates your CISO expertise and work experience.
Authors & Lead Trainers
9am – 5.00pm
6, 27 November
19 December | 2023
7pm – 11pm
2, 4, 23, 25 October
13, 15 November
4, 6, 11, 13 December | 2023
In-company training tailored to your needs
Schedule this training as in-company. Upskill your entire team in the most cost-effective way!