The Executive Office of the CISO (EOC) team is uniquely structured and staffed by highly experienced individuals who have been CISOs and developed or implemented cybersecurity programs in a variety of industries. This includes extensive experience with financial institutions, manufacturing, retail, and government organizations. In addition to our CISO level expertise, members of the EOC team have held a variety of previous positions including CTO, Privacy Officer, CIO, lead IT security, consulting and infrastructure practices and IT Auditor. 

cyber-security

The Executive Office of the CISO offers two primary services – Security Workshops and Virtual CISO services.

Let us start by saying – we get it.
We live and breathe security, and we know your job isn’t easy.

Do any of these statements sound familiar?

  • The assessment feedback I got doesn’t reflect my business needs
  • I wish I could just sit down with someone who has been there and done that to solve the problem
  • Product company assessments lead to…surprise surprise…their product sale
  • I need help prioritizing what to do first
  • I need a plan that’s realistic for my organization, not just a templated report

We thought so, and that’s why we highly recommend engaging with an HG Security Workshop before jumping into your next complex security tool installation or service engagement.

HG’s Security Workshop Approach

  • Select Leadership – Led by experienced senior executives & practitioners
  • Deep-Dive Sessions – Meaningful sessions with custom agendas that you approve
  • Herjavec Group On-Site- 2-3 virtual or on-site sessions followed by remote research & partnership
  • Concise recommendations – Customized strategy & product recommendations
  • Actionable roadmap plan – solidify action-items before service or product investment

 

Available Workshops:

  • Security Program Strategy
  • Security Metrics
  • Security Tools Optimization
  • Risk Management
  • Vulnerability Management
  • Identity and Access Management
  • Vendor Management
  • Data Protection
  • Cloud Architecture

HG Security Workshops Are Based On Your Organization’s:

Why Choose HG For Your Security Workshop

  • Our Security Workshops are led by Senior Executive Practitioners with real-world experience and track records of success in security leadership roles.
  • We recognize that no two organizations are alike in their business goals, operational risks, risk appetite
    and resources.
  • We have designed our workshops to set your team up for success as you prioritize your security strategy, service needs and technology investments.

Choose one of our Security Workshops below or engage with an HG Security Specialist if you have a custom request.

Security Program Strategy Workshop

This workshop is designed to assist our clients by providing advisory services in specific areas of their information risk and cyber security programs. No two organizations are alike in their business goals, operational risks, risk appetite, and resources.  Herjavec Group will assess if your existing security program capabilities meet business goals while evaluating threats to the organization, and your current technology stack. In this workshop we review the client business environment, IT strategy and initiatives, and current state of the security program. The goal is to identify opportunities for aligning the security strategy to the business, identify gaps, relevant risks, and present a strategic cybersecurity program roadmap.

Cyber Risk Management Workshop

This workshop is designed to assist our clients in the unique and highly customized challenge of managing cyber risk. The goal of this workshop is to walk through existing risk management practices that are in place, determine current gaps, ultimately what data is presented to executive stakeholders regarding cyber risk.

Security Metrics Workshop

This workshop is designed to assist our clients in the unique and highly customized challenge of leveraging existing technical tools to provide decision support metrics to various stakeholders within the organization. The goal of this workshop is to inventory sources of operational raw data, understand existing operational reports from tools, determine what data supports operational intelligence and program health information, and ultimately what data is presented to executive stakeholders regarding enterprise security performance.

Vendor Management Workshop


This workshop will dive into the steps necessary to screen potential vendor candidates or existing vendors via a categorization process. Discussions on your organization’s current vendor risk management process and tiered ranking methodology. Ultimately, the goal is to provide a Vendor Risk Management methodology that is risk based and repeatable.

Security Operations Workshop

This workshop is designed to assist our clients an understanding of the current security operations in their organization and how the technologies (i.e. SIEM, firewalls, end point protection, etc.) are being used. The goal of this workshop is to identify your organisation’s current operational capabilities, identify capability overlaps, gaps, opportunities for consolidation, and efficiency/deployment considerations.

Application Security Workshop

This workshop is designed to assist our clients by providing advisory services in relating to the information and cyber security risks in the application development programs. The goal of the Application Security Workshop is to assist with development and maturity of the application security program by understanding what application development standards and processes are being undertaken today and how it is being performed. For example, workshops sessions will include, Application Environment Review and Application Security Tools & Capabilities Maturity review, to get an understanding of the current state of the secure software development lifecycle, tools and expertise inventory, risk prioritization, remediation, and compensating controls.

Data Protection Workshop

This workshop is designed to assist customers by providing advisory services in security risks and threats to the organization’s crown jewels. We will dive into many areas of your infrastructure to understand where data is located, how it is moving, and how it is handled. The goal is to develop a roadmap for improving the data protection program and ensure alignment with the business environment. 

Cloud Architecture Workshop

This workshop is designed to assist our clients with their cloud environment and related security posture. Cloud Architecture is a broad topic with many different business constraints, regulatory concerns, and technologies involved. It is also one of the most high-risk and failure-prone aspects of an information security program, specifically due to misconfiguration of cloud systems and devices. The goal of this workshop is to identify current state of the cloud strategy & architecture, identify gaps, and recommend a secure cloud architecture roadmap.

Security Technology Optimization Workshop

This workshop is designed to assist our clients with an understanding of the security technologies in their unique and highly customized organisation. In addition to the specific technologies being used the discussions include current implementation and use, pain points, etc. The goal of this workshop is to identify the client’s current technology capabilities, identify capability overlaps, gaps in capability, opportunities for consolidation, and efficiency/deployment considerations. For each of the technology sessions we will review the technology stack, as well as the tools integration & pain points. 

Accelerate Your Advisory Services with Herjavec Group