Our client for this engagement is a high profile Australian brand which gathers and holds very sensitive data on Australian consumers.
It is common knowledge that there is a skills gap in the cyber security market. That skills gap is unfortunately widest at the role which matters most, the CISO. It is therefore extremely difficult for many companies to find someone with real experience in articulating cyber risk to senior stakeholders, setting a strategic direction and then managing operations.
Through our CISO as a Service offering we placed a former ASX 10 CISO in this company one day a week. This allowed the client to get the skills they were unable to find or afford and allowed the client to demonstrate they had a strategic path to managing the company’s cyber risk.
The CISO carried out the following activities:
- Engaged senior business and non-executive stakeholders to articulate the company’s threat and cyber risk profile.
- Developed a cyber security strategy specific to the company
- Built out a security operating model based upon the strategy
- Set the strategy and operational objectives with the technology teams
- Presented as to progress and pain-points to the non-executive forums
- Managed budget negotiations with senior stakeholders
- Monitored and reported on key metrics