The Bare Metal Cyber CCISO Audio Course is your comprehensive guide to mastering the Certified Chief Information Security Officer (CCISO) exam. With 70 focused episodes, this series demystifies every domain, concept, and competency area tested, from governance and risk to technical controls, strategic planning, and vendor oversight. Designed specifically for experienced security professionals preparing for executive-level certification, the Prepcast offers deep dives into frameworks such as ISO 27005, NIST RMF, FAIR, and TOGAF, alongside practical insights on budgeting, auditing, compliance, and threat intelligence. Whether you're charting a course toward CISO leadership or strengthening your grasp of enterprise security strategy, this series delivers exam-aligned clarity and precision in every episode.
Security controls are not set-and-forget tools—they require ongoing oversight to remain effective. In this episode, we guide you through the lifecycle of a control, from initial requirement analysis …
Security metrics and key performance indicators (KPIs) are critical tools for evaluating the effectiveness of your security program. In this episode, we explain how to design, collect, and interpret …
Audit outcomes aren’t just internal affairs—they often need to be communicated to boards, regulators, and third-party partners. This episode focuses on how CISOs summarize and report audit results in…
Once an audit is complete, the focus shifts to interpreting and responding to findings—a process that can significantly impact your credibility and the organization’s risk exposure. In this episode, …
Unlike internal audits, external audits are driven by third parties, regulators, or clients—and come with heightened stakes and external visibility. In this episode, we explore the distinct challenge…
This episode breaks down the internal audit process from the perspective of a security executive. You’ll learn how internal audits are used to evaluate control effectiveness, assess risk posture, and…
In this episode, we take a comprehensive look at the major compliance standards and audit frameworks that govern information security practices across industries and geographies. You’ll gain insight …
After implementation, CISOs must continuously assess whether security controls are actually doing their job. This episode dives into the methodologies and metrics used to evaluate control effectivene…
Once controls are designed, the implementation phase is where strategy meets execution—and where leadership challenges often emerge. In this episode, we examine what it takes to operationalize contro…
Designing security controls isn’t just about selecting tools—it’s about architecting defenses that support business operations while addressing real threats. In this episode, we explore how CISOs app…
This episode introduces the foundational concept of security controls and explains their critical role in any enterprise cybersecurity program. You’ll learn how controls are used to mitigate risk, en…
Vendors can introduce significant security risks into your organization—and in this episode, we explain how CISOs assess, monitor, and manage those risks at scale. You’ll learn about the due diligenc…
Audit plays a vital role in validating that security governance structures are functioning as intended—and this episode teaches you how to prepare for, support, and learn from internal and external a…
In this strategy-focused episode, we guide you through aligning your security program with one or more established control frameworks. Whether your organization uses NIST CSF, ISO 27001, COBIT, CIS C…
Effective policy is the backbone of a sound security governance program. In this episode, we break down the entire lifecycle of policy development—from initial scoping and stakeholder input to review…
This episode focuses on the General Data Protection Regulation (GDPR) and what CISOs must understand about it to lead global privacy programs effectively. We explore the regulation’s core principles—…
In this episode, we explore the legal landscape that CISOs must navigate when managing information security programs. You’ll learn about the growing body of national and international laws that shape…
Compliance is more than just following rules—it’s about designing sustainable programs that meet regulatory expectations while supporting business objectives. In this episode, we break down the core …
Quantifying risk in financial terms is a vital executive skill, and this episode introduces the FAIR (Factor Analysis of Information Risk) framework to help you build that capability. We explain how …
This episode introduces the NIST Risk Management Framework (RMF) from an executive perspective, highlighting how it applies to both federal and private sector environments. We walk through the six co…