The Executive Office of the CISO (EOC) team is uniquely structured and staffed by highly experienced individuals who have been CISOs and developed or implemented cybersecurity programs in a variety of industries. This includes extensive experience with financial institutions, manufacturing, retail, and government organizations. In addition to our CISO-level expertise, members of the EOC team have held a variety of previous positions including CTO, Privacy Officer, CIO, lead IT security, consulting and infrastructure practices and IT Auditor.
The Executive Office of the CISO offers two primary services – Security Workshops and Virtual CISO services.
Let us start by saying – we get it.
We live and breathe security, and we know your job isn’t easy.
Do any of these statements sound familiar?
- The assessment feedback I got doesn’t reflect my business needs
- I wish I could just sit down with someone who has been there and done that to solve the problem
- Product company assessments lead to…surprise surprise…their product sale
- I need help prioritizing what to do first
- I need a plan that’s realistic for my organization, not just a templated report
We thought so, and that’s why we highly recommend engaging with an HG Security Workshop before jumping into your next complex security tool installation or service engagement.
HG’s Security Workshop Approach
- Select Leadership – Led by experienced senior executives & practitioners
- Deep-Dive Sessions – Meaningful sessions with custom agendas that you approve
- Herjavec Group On-Site – 2-3 virtual or on-site sessions followed by remote research & partnership
- Concise recommendations – Customized strategy & product recommendations
- Actionable roadmap plan – solidify action-items before service or product investment
Available Workshops:
- Security Program Strategy
- Security Metrics
- Security Tools Optimization
- Risk Management
- Vulnerability Management
- Identity and Access Management
- Vendor Management
- Data Protection
- Cloud Architecture
HG Security Workshops Are Based On Your Organization’s:
- Business Priorities & Goals
- Enterprise Maturity
- Security Controls
- Risk Profile
Why Choose HG For Your Security Workshop
- Our Security Workshops are led by Senior Executive Practitioners with real-world experience and track records of success in security leadership roles.
- We recognize that no two organizations are alike in their business goals, operational risks, risk appetite and resources.
- We have designed our workshops to set your team up for success as you prioritize your security strategy, service needs and technology investments.
Choose one of our Security Workshops below or engage with an HG Security Specialist if you have a custom request.
Security Program Strategy Workshop
This workshop is designed to assist our clients by providing advisory services in specific areas of their information risk and cyber security programs. No two organizations are alike in their business goals, operational risks, risk appetite, and resources. Herjavec Group will assess if your existing security program capabilities meet business goals while evaluating threats to the organization, and your current technology stack. In this workshop we review the client business environment, IT strategy and initiatives, and current state of the security program. The goal is to identify opportunities for aligning the security strategy to the business, identify gaps, relevant risks, and present a strategic cybersecurity program roadmap.
Cyber Risk Management Workshop
This workshop is designed to assist our clients in the unique and highly customized challenge of managing cyber risk. The goal of this workshop is to walk through existing risk management practices that are in place, determine current gaps, and ultimately determine what data is presented to executive stakeholders regarding cyber risk.
Security Metrics Workshop
This workshop is designed to assist our clients in the unique and highly customized challenge of leveraging existing technical tools to provide decision support metrics to various stakeholders within the organization. The goal of this workshop is to inventory sources of operational raw data, understand existing operational reports from tools, determine what data supports operational intelligence and program health information, and ultimately what data is presented to executive stakeholders regarding enterprise security performance.
Vendor Management Workshop
This workshop will dive into the steps necessary to screen potential vendor candidates or existing vendors via a categorization process. It includes discussions on your organization’s current vendor risk management process and tiered ranking methodology. Ultimately, the goal is to provide a Vendor Risk Management methodology that is risk-based and repeatable.
Security Operations Workshop
This workshop is designed to assist our clients with an understanding of the current security operations in their organization and how the technologies (e.g., SIEM, firewalls, endpoint protection, etc.) are being used. The goal of this workshop is to identify your organisation’s current operational capabilities, identify capability overlaps, gaps, opportunities for consolidation, and efficiency/deployment considerations.
Application Security Workshop
This workshop is designed to assist our clients by providing advisory services relating to the information and cyber security risks in their application development programs. The goal of the Application Security Workshop is to assist with development and maturity of the application security program by understanding what application development standards and processes are being undertaken today and how they are being performed. For example, workshop sessions will include an Application Environment Review and an Application Security Tools & Capabilities Maturity Review, to get an understanding of the current state of the secure software development lifecycle, tools and expertise inventory, risk prioritization, remediation, and compensating controls.
Data Protection Workshop
This workshop is designed to assist customers by providing advisory services in security risks and threats to the organization’s crown jewels. We will dive into many areas of your infrastructure to understand where data is located, how it is moving, and how it is handled. The goal is to develop a roadmap for improving the data protection program and ensure alignment with the business environment.
Cloud Architecture Workshop
This workshop is designed to assist our clients with their cloud environment and related security posture. Cloud Architecture is a broad topic with many different business constraints, regulatory concerns, and technologies involved. It is also one of the most high-risk and failure-prone aspects of an information security program, specifically due to misconfiguration of cloud systems and devices. The goal of this workshop is to identify the current state of the cloud strategy & architecture, identify gaps, and recommend a secure cloud architecture roadmap.
Security Technology Optimization Workshop
This workshop is designed to assist our clients with an understanding of the security technologies in their unique and highly customized organisation. In addition to the specific technologies being used, the discussions include current implementation and use, pain points, etc. The goal of this workshop is to identify the client’s current technology capabilities, identify capability overlaps, gaps in capability, opportunities for consolidation, and efficiency/deployment considerations. For each of the technology sessions we will review the technology stack, as well as the tools integration & pain points.
Accelerate Your Advisory Services with Herjavec Group
- We offer a hands-on, flexible approach, tailored to meet your organization’s uniqueness and requirements.
- From Advisory Services to Identity & Access Management and Incident Response, we have expertise in comprehensive security services to support your enterprise.
- We can review your organization’s existing control framework, identifying where you are most vulnerable to cyber threats through penetration tests, social engineering assessments, red-teaming operations, and more.
- We have decades of experience in Payment Card Industry (PCI) compliance, risk and security frameworks (ISO, NIST), and expertise in emerging privacy domains like GDPR.
- We’ve been recognized industry-wide as a cybersecurity expert – #4 on MSSP Alert’s Top 250 MSSPs, IDC Security Services Leader and Security Company of the Year from Cyber Defense Magazine.