Jack Whitsitt

Class Available: Bridging the Risk Management/Business Gap


As a follow-up to my blog post here in December, I wanted to mention a class I'll be offering in different U.S. cities throughout this year that helps define cybersecurity as a problem space, as a discipline, and which attempts to fill in some of the larger gaps in the framework: Risk Management, Metrics, Communicating about Cybersecurity, etc. Hopefully some of you will see value in attending; I think it is relatively unique content with an unusual perspective.


Overview: This 2-day class – one of several throughout the U.S. in 2015 – is intended for those leaders, decision makers, and technologists who feel that they are lacking a usable bridge between the technology and business aspects of cybersecurity and wish to do more than simply build a standard security program and hope for the best.


Value: The instructor will use two common security frameworks (NIST and C2M2) alongside custom material (developed over 9 years and unavailable elsewhere) to provide students with the necessary cybersecurity, framework, and communication theory required to make practical improvements to their cybersecurity environments, including, potentially:

  • More effective management of the organizational behaviors outside of the CISO shop that lead to increased cybersecurity risk
  • Enhancement of the functioning and efficacy of security-specific programs and organizations
  • Development of appropriate, actionable metrics for all organizational levels, including the executive
  • Increased assurance that critical business success criteria are met despite ongoing cyber risk
  • More comprehensive plans to defend against specific external threats
  • Improved management of Perception, Communication, Scale, and Uncertainty risks associated with cybersecurity
  • Improved partnership and collaboration within and across organizations, public and private
  • Reduced gap between “Compliance” and “Security”
  • Easier, more effective development of custom formal and informal frameworks to bridge gaps between disciplines

Audience: The target audience for this class includes executives, security leaders, technology practitioners, architects, policymakers, lawyers, and other individuals interested in moving beyond industry and media hype to develop a broader understanding of both the problem space and discipline of “Cybersecurity” as it applies to their specific roles. 


Class will be tailored, within the constraints of the topic areas, to the backgrounds and needs of attendees.

The first day will focus on theory presentation and the second day will apply that theory to practical problems – some as requested by students – in a workshop environment.


Students should also be aware that, despite some use of jargon, no technical experience or security expertise is assumed and each class will be tailored to the experience levels of those in attendance wherever possible.



  • Phoenix, April 14-15
  • Minneapolis, June 16-17
  • Portland, August 11-12
  • Dallas, October 13-14
  • Nashville, November 10-11
  • Custom Dates and Locations Available




The Phoenix class went well, for what it's worth. I encourage everyone to come out to the next one in Minneapolis.  We'll be looking at what it takes to create a business context that will create specific objectives and implementation details for NISTCSF and then use those to guide and prioritize security management through the use of C2M2 domains. 
