Transforming CISO Success

Support the CISO, Enable Business

The challenges are too profuse to list.  The Business is complex, ever evolving, and full of inter-connected risks and dependencies.  Yet it demands value, and it expects solutions.  There are always too many high priorities and always too much to do but rarely enough support, understanding, money, time, or resources to do it with.  And just when you think you are getting somewhere, everything changes.


How to succeed as a CISO: leader of the most important and demanding profession of the information, digital, and cyber age?


David Lynas

In this innovative and ground-breaking two-day seminar, world-leading security strategist and architect, and author of the SABSA methodology, David Lynas, will introduce hugely valuable methods and techniques to transform CISO success in building, leading and sustaining an Enterprise Security program, and take an existing program to the next level.

With 40 years experience in security, David has been at the forefront of the Enterprise Security Architecture field since its inception in 1995, founding DLC in 2012. David is a co-author of the SABSA Methodology & Chief Education Officer at The SABSA Institute.

Learning Objectives & Outcomes

  • Establish a Business-driven focus to ensure Security is always delivered in the context of the Business mission and objectives
  • Define a repeatable approach to understand requirements and make meaningful decisions within the complexity of the modern Enterprise
  • Inform the way the Security team approaches their work and frame the questions they ask
  • Create a common structure, a common language, common principles, and a common means by which diverse specialists can collaborate, interact, and make decisions
  • Integrate and align in a security context, the diverse Enterprise methods, frameworks, and standards, whatever they are, whatever they become
  • Balance the need to protect what matters while embracing innovation in a coherent, holistic, systemic way
  • Deploy techniques to resolve complexity and deliver clarity of risk ownership, governance, and policy
  • Define and articulate what Security means and what it must achieve in your unique Enterprise context
  • Create a stakeholder engagement and communications technique to cross the chasm between Business and Security
  • Apply a method to model Business Requirements as normalised, measurable, demonstrable, re-usable, reportable requirements for Security
  • Demonstrate the ability to understand what matters most, articulate it, and validate it with stakeholders at all levels in the most instinctive way possible
  • Overcome the legacy of Security as a constraint to progress, innovation, and change
  • Transform perceptions into those of a pro-active, beneficial, and Business-enabling function
  • Answer the important “So what?” questions
  • Understand what stakeholder success looks like and how to support it
  • Demonstrably contribute to Business and client success
  • Provide traceability that requirements are met
  • Ensure transparency of solutions value
  • Develop the capability to identify and assess real value from supplier snake oil, magic silver bullets, and claims that one-size-fits-all
  • Deliver in-context measures, metrics, and reporting
  • Architect Security Risk in the context of Business Risk
  • Achieve an appropriate balance between realising opportunities for gain while minimising loss
  • Apply an architecturally structured and comprehensive approach
  • Integrate and align risk silos to holistically embed risk management into all levels and perspectives of Enterprise
  • Traceably align risk management activities to Enterprise context
  • Customise ‘risk thinking’ to be instinctive to the Enterprise culture
  • Provide a method to include and engage Stakeholders at all levels in meaningful terms 
  • Deliver clarity and certainty of risk ownership
  • Empower risk owners to make objective and proportionate risk decisions in-context
  • Cater for the systemic, interconnected, interdependent nature of risk complexity
  • Create an ability to clearly define risk appetite
  • Distribute Business risk appetite downwards to specialist technical areas, and report risk performance upwards to Business
  • Define clear dominions of authority
  • Understand and communicate the dependencies and inter-dependencies of authorities both internally and externally in a complex interacting Enterprise
  • Resolve the competing and conflicted interests of authorities
  • Allocate and enact clear Accountability
  • Allocate and enact clear Responsibilities
  • Define the necessary channels and types of communication required between Accountable and Responsible parties
  • Understand trust requirements and enable trusted relationships
  • Transform a rules-based enforcement culture with policy that is advocated and embraced
  • Ensure policy is Business-driven and clearly embeds and supports stakeholder objectives
  • Overcome constraints to policy success
  • Create a simplified structure that is easy to maintain and adaptable to change
  • Provide an integrated and holistic Architectural policy structure that embeds control and enablement objectives for what really matters, with dominions of authority for what matters, and clearly defined authority, roles, and responsibilities
  • Resolve the strategist’s eternal dilemma – how to turn strategy into reality
  • Provide a method to translate ever-changing complex requirements into a definitive Security Strategy 
  • Specify the Security Roadmap to deliver the Strategy through prioritised actionable transformations, programs, and solutions
  • Ensure that the roadmap encompasses requirements for strategic transformation, remediation of current-state issues, and has the capability to adapt to changing circumstances and priorities
  • Create a problem-solving framework for dealing with tomorrow’s problems

Who Should Attend?

CISO reports
Security Management
Security Architects
Risk Professionals
Governance Professionals

Additional Information

Duration: 2 days
Certificate of Attendance
Pre-requisites: There are no pre-requisites to attendance. The SABSA Methodology will be referenced but no SABSA knowledge or experience is necessary.

Transforming CISO Success Dates


17sep(sep 17)9:00 am18(sep 18)5:00 pmTransforming CISO SuccessLondon


29oct(oct 29)9:00 am30(oct 30)5:00 pmTransforming CISO SuccessAmsterdam


14nov(nov 14)9:00 am15(nov 15)5:00 pmTransforming CISO SuccessSydney


11dec(dec 11)9:00 am12(dec 12)5:00 pmTransforming CISO SuccessMelbourne