Managing Up and Out™ Security Strategy and Education
Tap the 30+ years combined experience of our team to align stakeholders from Boards of Directors and C-suite to critical asset owners or front-line team members. Whether it’s a business case, strategy roadmap, or key presentation, we can cross-train, ghostwrite, or deliver on your behalf.
McKinsey1 has said, “The large majority of things you need to do to be secure don’t happen in the security organization.”
An industry peer coined this term, saying “managing up and out” is a particular strength of ours in comparison to many Chief Information Security Officers (CISOs), who they described as “managing down and in”. The latter is a natural tendency to stay close to a comfort zone since most come to the CISO role from a technical background. Unfortunately, it’s a recipe for problems in light of McKinsey’s statement.
Projects Managing Up and Out
Projects have included:
- Cybersecurity Strategy Roadmaps
- Cybersecurity Project Strategy
- Business case development & presentations
- Board of Directors presentations & support
- CISO and Security leadership curriculum
- Role-specific security training for Critical Asset Owners, C-suite, and Boards
- Cybersecurity Organizational Development
- Keynote speaking
- 50+ years combined experience on Fortune 500 mission critical projects requiring both tech skills and business savvy
- 30+ years combined experience creating the technology business case for owners, Boards of Directors, and CxOs
- 35+ years combined experience in cybersecurity and network engineering
- Pro-active stakeholder engagement – from front line team to senior leadership and owners – means low organizational noise and rapid implementation once support is aligned
- Hyper-practical, right-size orientation; avoid over-engineering the solution
- Hard-wired to sweat during planning to avoid bleeding during implementation
- Nationally recognized experts accustomed to working globally
- “SecuriThink has been a trusted advisor for over ten years…They have an exceptional ability to boil complicated things down to simple components and solid deliverables. The resulting clarity unfailingly gave me a powerful approach whether I needed to brief the C-suite and Board of Directors or get buy-in from front line team members and suppliers…I’ve found no one else who does strategy at this level nor that offers this kind of specificity and focus.” Chief Information Security Officer (CISO), Fortune 500 Critical Infrastructure
- “You brought tact and skill to the process.” EVP, General Counsel, Board Director, Fortune 500 Automotive Manufacturing
We invite you to contact us to explore if Managing Up and Out is a good match for your situation.
What Else We Do
This unique approach, with a known range of verified accuracy, was first field-tested on 12 Fortune 500 Merger and Acquisition (M&A) deals yet it also supports data-driven investment decisions for cybersecurity compliance.
Cybersecurity Maturity Model Certification (CMMC) is the evolution of cybersecurity contractual requirements from the Department of Defense (DoD) with which SecuriThink practitioners have been involved for over 10 years.
Our journey satisfying these requirements is the story of “how we know what done looks like” for cybersecurity as we state on our website homepage.
Get higher returns on your project investment with a field-tested data classification solution based on two Fortune 500 projects involving 12,000 and 50,000 team members, respectively.
Our Data Classification Solution integrates technology with business transformation methods to manage factors too often left out of a security project. We leverage what’s already going well in your organization, while shifting to higher potential.
Readily create dollars from Operational Technology (OT) data using our field-tested approach to Information Technology (IT) integration based on success at 42 facilities across 15 different business divisions
Optimizing your company’s information security
Takes more than the latest technology
Or a staff trained to use it.
It takes a shift in thinking.
A shift in acting.
Securing your crown jewel assets, one household at a time.
Over 90% of most companies’ value now comes from intangible assets. In addition to Intellectual Property (IP), brand reputation, competitive advantage, supplier network, employee retention, and customer loyalty are measurably affected by cyberattacks. Research shows some of the most damaging losses coming from trusted insiders with malicious intent, also called Insider Threat.
The biggest gains come from proactive attention to Insider Threat, that is, don’t chase after the horse that’s gotten away, keep it from leaving the stable.
Threat actors are increasingly exploiting the path of least resistance in the supply chain to attack their real targets. While more large companies have built a reasonable cybersecurity posture, malicious actors still find easy ingress through abundant open doors in smaller suppliers.
Supply chain attacks have skyrocketed to the point where targeted companies are motivated to manage their own risk by managing the risk hiding in their supply chain.