A SecurityWeek Event


An Exclusive Executive Forum Focused on
Information Security Leadership and Strategy

September 13-14, 2022

2021 CISO Forum Presented by


2021 Diamond Sponsors


2021 Platinum Sponsors


2021 Gold Sponsors


Silver Sponsors


2021 CISO Forum

SecurityWeek’s CISO Forum takes place annually at the beautiful Ritz-Carlton, Half Moon Bay, which has served as the venue of the forum since 2014.

Given the global situation resulting from the COVID-19 pandemic, SecurityWeek’s 2021 CISO Forum, Presented by Cisco, will take place virtually. Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, specific zones & sponsor booths.

This  event is designed for security leaders to discuss, share and learn information security strategies. (Register)

Visit Here for the Latest Event Updates for the Virtual Edition

An Exclusive Executive Forum Focused on Cybersecurity Leadership and Strategy

September 14-15, 2021
Virtual Event – View Event Website

Throughout this two-day virtual event, sessions will have a strong focus on participation from CISOs in panel discussions along with talks from industry experts, analysts and other end users, and thought leadership, strategy and technical sessions.

Topics Include:

  • Fireside Chat: Adrian Stone: VP, CISO at Peloton
  • Winning Hearts and Minds on the Board
  • Designing and Architecting Security for a Hybrid World
  • CISO Panel: Navigating SBOMs and Supply Chain Security Transparency
  • Panel: CISO’s Guide to Building a Security Dream Team
  • Panel: The Top 5 Priorities of the Modern CISO
  • Defenders Playbook for Attack Simulation and Security Posture Validation
  • Virtual Expo and Networking
  • Identity-Focused Security for Your Zero Trust Journey
  • Winning Hearts and Minds on the Board
  • Securing Our Cloud Environment Against Hackers
  • Key Insights to Prevent Never-Before-Seen Cyber Attacks
  • SASE Industry Trends
  • Measuring Security and Building Trust with Leadership: Enabling Transformation Through Testing
  • How DevOps Can Make AppSec Testing Seamless
  • Addressing Sophisticated Supply Chain Attacks Head On with No Source Code Required
  • Much more! – Add to Calendar

Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, subject-specific discussion areas, and sponsor booths in a virtual expo hall.

Adrian Stone

Adrian Stone


Anne Marie Zettlemoyer

Anne Marie Zettlemoyer

VP, Security Engineering

Caleb Sima

Caleb Sima


Allan Friedman

Allan Friedman (Invited)

Cybersecurity and Infrastructure Security Agency (CISA)
SBOM Champion

Summer Craze Fowler

Summer Craze Fowler

Argo AI

Fredrick Lee

Fredrick ‘Flee’ Lee

Chief Security Officer

Shaila Shankar

Shaila Shankar

SVP and General Manager of Cisco Cloud Network and Security

Jonathan Jaffe

Jonathan Jaffe


Aanchal Gupta

Aanchal Gupta

VP, Azure Security

Lena Smart

Lena Smart


Sounil Yu

Sounil Yu


Theresa Payton

Theresa Payton

Former White House CIO
Star of CBS TV series, “Hunted”, and Leading Cybersecurity Expert




September 24-26, 2019


1 Miramontes Point Rd, Half Moon Bay, CA 94019


+ 1 (650) 712-7000

Five Secrets for Higher Performing CISOs

02/10/2017 0

(SecurityWeek) – IANS Research has developed a model designed to help chief information security officers to maintain their inherent promise: that is, “to safeguard critical assets across space and time.”

 This model, which it calls CISO Impact, rests on two fundamental capabilities: technical excellence and organizational engagement. The former involves eight domains from access control to incident response; while the later includes seven factors from running infosec like a business to getting Business to own the risk.

From this model, combined with insights from more than 1,200 high-performing CISOs and information security teams, IANS has developed what it terms ‘The 5 Secrets of High-Performing CISOs’.

“The connected world is a dangerous place,” says Stan Dolberg, chief research officer at IANS Research, “and because of this, CISOs and their teams must lead their organizations to adopt safe business practices. However, the challenge remains that many CISOs are leading from a position of little authority or influence. The CISO Impact diagnostic provides specific ways for CISOs to assert information security leadership skills that are commonly found in organizations one step ahead on the maturity curve. Our goal is to inform, contextualize and prioritize where to invest skills, practices, and technologies. Armed with this strong guidance, CISOs can chart their own paths to leadership.”

Put bluntly, the purpose of this report is to help lower performing CISOs to perform better through using the methods already used by high performing CISOs. The five secrets to achieving career success are: 

  • Lead without authority

  • Embrace the change agent role

  • Don’t wait to be invited to the party

  • Build a cohesive cyber cadre

  • It’s a 5 to 7-year journey to high impact

Each of these ‘secrets’ is discussed in the report and supported by statistical research evidence. For example, 100% of high performers lead despite having no authority, using “persuasion, negotiation, conflict management, communication, education.” Only 3% of low performers succeed in this.

For the second ‘secret’, the report states, “High-performing CISOs know the value of engaging to drive change,” says the report. “In the CISO Impact data, 3 out of 4 of high performers embrace this approach, compared to 1 in 20 of the low performers. To embrace this role, know the business, know yourself, and get ready to ‘make lemonade’.”

The third secret is not so widely adopted by the high performers. “More than half of high performers in the CISO Impact data set didn’t wait for executives to have an epiphany that security matters,” states the report. “They leveraged the power of simulation to generate the emotional experience of loss or compromise that is fundamental to an engaged executive team.” Less than 1% of low performers did similar.

In secret 4, “High performers patiently assemble and train more than a team — they culture a cyber cadre.” This approach is adopted by 85% of high performers; but by only 1.4% of low performers.

The fifth secret warns that there is no quick fix. “Five to seven years is a realistic time frame for building the trust, the program, the team, and the value of information security to the point where information security is baked in.” 

These five secrets provide excellent advice for improving company security and enhancing CISO careers. As stand-alone research, however, the report has several problems. The first is the distinction between a high performer and a low performer. The second is that it is easier to be a high performer in some companies than it is in others. 

Martin Zinaich (CSSLP, CRISC, CISSP, CISA, CISM and more) is information security officer for the City of Tampa, comments: “‘You must lead without authority’ — that is so very true! You have to do that both technically and from an organic business integration standpoint. Yet,” he told SecurityWeek, “the study shows that 60% of high performing security leaders report into risk and business roles (that have authority) — and 95% of lower performing CISOs report to the CIO (where they don’t). Those two stats show the simple reality that it is very difficult to lead without authority. Almost every non-technical safe corporate wide business practice I have seen where the CISO is lacking authority has come via post breach, regulations or working with the Audit department.”

The danger for research statistics is that some of the low performers could be high performers in a different company with more resources and/or a more receptive C-Suite. 

A similar issue occurs in the fifth secret; that is, ‘it’s a 5 to 7-year journey to high impact’. The reality is that few CISOs will remain in one position for that long — in fact, it is probably only the high performing CISOs already occupying a high-flying position with a security-aware company that will do so.

Such concerns, however, only impact the statistical difference between high and low performing security officers. The basic arguments contained within the five secrets remains quality advice for any CISO who wants to better secure his organization and improve his career potential.

The IANS Research report, “The 5 Secrets of High-Performing CISOs” will be presented at the RSA Conference next week.

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe for Event News