Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à Keith Fricke - CISO for an Hour
Similaire à Keith Fricke - CISO for an Hour (20)
Plus de centralohioissa
Plus de centralohioissa (20)
Dernier
Dernier (20)
Keith Fricke - CISO for an Hour
- 1. 2016 Central Ohio InfoSec Summit 1 Keith Fricke, MBA, CISSP, PMP Principal Consultant tw-Secuity keith.fricke@tw-security.com 216-280-4430 CISO for an Hour
- 2. Speaker Background • 30 years in Information Technology • 16 years in healthcare information security • Certified Information Systems Security Professional (CISSP) • Project Management Professional (PMP) • Former Chief Information Security Officer for Mercy Health (Ohio) • Managed security for Cleveland Clinic’s 9 community hospitals • Board member of Cleveland InfraGard
- 3. Learning Objectives • Gain an understanding of tips in getting a CISO job • Gain awareness of the key actions to take early in your new position • Become familiar with important non-technical tasks in the role • Pick up some words of wisdom
- 4. Setting Expectations • Primary audience: technical or manager-level folks looking to promote into CISO / ISO / Director role • Past and present CISOs may pick up a few tips too • No guarantees in securing the role • Designed to provide insight
- 5. Getting the Job • Focus on leadership experience (can you lead?) • Focus on project management experience (can you deliver?) • Questions to ask: o Corporate initiatives o Security initiatives in flight and on the books o Expectations for first 90 days o Management style of your boss o Where security sits in the org chart
- 6. The First 90 Days • Confirm expectations • Are you taking over an existing program or building a new one? • Risk Assessments • Identify budget • Building strategic relationships • “What do I need to know about interacting with the locus of power?”
- 7. Building a New Program • Define Org Chart • Create a Services Catalog • Use past risk assessments & identify methodology • Conduct risk assessments if none are available • Inventory security technology • Understand operational ownership of security technology
- 8. Communications • Interacting with C-level o Email o Meetings o Phone o Text • Clear, Concise • Learning how much detail is enough based on the communication medium
- 9. Communications • Building relationships o Example: FAIR • Direct reports and department • Join committees • Start committees
- 10. Budget 101 • Fiscal year vs. Calendar year • CapEx vs. Opex o Forecasting gotchas o Accruals • Capitalizing labor • Managing a cost center • Know the style of budget accountability o Slush o To the Penny • Tips on preparing for Q1, Q2 and Q4
- 11. Department Meetings • Building relationships • Recommendations of frequency o Keeping geographic disparity in mind • The meeting agenda • Celebrating
- 12. Running an Effective Meeting • Agenda o Sending it out o Format • Crucial reasons to take minutes • Creating a parking lot – why this is a great idea • Gaining consensus – a tip
- 13. Performance Reviews • Goal Setting o Aligning with company o Aligning with department o Aligning with the individual o Some may be tied to engagement survey results • Documentation is so critical • Career paths
- 14. Projects • Learn how to do project management time forecasting • The two most difficult security projects in my opinion • Expect projects to take time • Expect security program maturity to take time • Reduction in Force affecting project schedules • Career paths
- 15. Some Tips • Missing the boat when it comes to opportunity • Innovative thinking can sometimes pay you back handsomely • Building a peer network • One of the most important aspects to develop in your security program….
- 16. Incident Response • Have plans • Test the plans • Tap into expertise where and when you need it o My sidebar opinions on forensics • Strengthen those relationships mentioned earlier
- 17. Contact Information Keith Fricke Principal Consultant, tw-Security keith.fricke@tw-Security.com 216-280-4430