Colin Anderson, an 18-year CISO (Safeway, Levi Strauss, & Dayforce) and winner of the (Global) CISO100 award for the last FIVE years, has agreed to co-present a three-day workshop that is focused on getting CISOs beyond the “Technical” & “Tactical”. Colin & I will provide you with both the knowledge and the personalized takeaways that you can immediately start using with your BOD & senior leadership.
Our customized InfoSec policy, Colin’s BOD presentation library, & my customized SIEM correlation logic deliverables alone (there are more) are worth more than the $10K price tag.
Last fall, when I was developing a website for my new (post-layoff) boutique consultancy, I reached out to Colin for his input regarding pricing and content. I’ve known Colin since our days at Pacific Bell Network Integration (PBNI) back in the late ’90s. The “Advanced Program” workshop caught his attention.
Over the last decade with Dell Secureworks, I worked with literally hundreds of CISOs / ISOs / IS managers / etc. who were great folks, but they were too “Technical” & “Tactical”. Most CISOs come up from the technical side of InfoSec. Because my CIRPs/TTXs were different from those of the rest of the consultants in my group (“Top Down”, “Risk Based” and “Business Focused”), we would start each project by developing a Cyber Risk Narrative. For those clients who were publicly traded, this typically started with their Annual Report (SEC 10-K). This approach became more interesting after the SEC started requiring BOD Cyber Risk Oversight disclosures in Annual Reports (10-K) – or what I’ve been calling “the new era of BOD cyber risk oversight”.
I was very surprised at the number of InfoSec managers who lacked a “cyber risk narrative” for their enterprise. In some cases, it was the whole management team that was amiss. Over the last 10 years of leading on average one TTX per week, I had 6-12 instances per year where the management team would have a “Business Extinction risk epiphany” during my management TTXs. Over the same period, there was at least an equal number of InfoSec leaders who would look at my cyber risk narrative and ask: “Where did you get this information?”
Colin agreed. He mentioned that the few CISOs out there who have both the technical and business acumen are “unicorns”. He liked the website and told me to raise my prices. We ended our call as I always do when I come asking someone for a favor: “How can I help you?” Colin had to jump on another call, but we set up a follow-up call the next week to discuss that.
That next week, Colin said he not only really liked what I was proposing on my website, but that he would like to co-present the “Advanced Program” with me. Neither one of us is in it for the money, but we both felt this was really needed within the InfoSec community. He felt he could provide his experience as a CISO, working with BODs, and combine that with my “Top Down” methodology. And while my application of the methodology for the past 10+ years was primarily focused on building CIRPs/TTXs, it could easily apply to your preventative and detective InfoSec controls. As a matter of fact, there were a handful of Secureworks clients that I worked with on a Time & Materials basis in which we did just that. We’ll discuss what they learned during the workshop.
Colin also appreciated all the great locations for these workshops. “Work from Home” transitioned to “Work from Anywhere” for me about 5 years ago and these are the locations I continue to “work from anywhere” from.
We shared a similar vision:
- A small group, no more than 15 participants – name, title, industry and hopefully some candid conversations about their challenges. This is how I stay current as a consultant.
- “Actionable” deliverables that my team will customize prior to your arrival so you can “hit the ground running” when you get back to the office.
- Travel Monday & Friday. The workshop is on Tuesday, Wednesday, and Thursday.
- Great locations. Maybe stay a little longer with your ‘significant other’ and get a life. I’ve been a regular “digital nomad” at these places for years. I’ll give you some great recommendations.
- Modest cost. $10K seemed like a reasonable price. We do have expenses to cover.
- There are 8 workshops in 2026, and the locations are incredible. These include Paris, London, NYC, and Hawaii (at a time when Australia is at its warmest). Omaha in early November is the exception; but it is also the most affordable travel-wise (for those of you on a budget).
- I would also strongly encourage those of you who just can’t imagine being out of the office for three whole days to try the European locations in May & September (shoulder season). Workshop during the day and remote work starting around 4:00 PM. If your company balks at the extra cost of international travel – we can discuss some sort of discount to cover that.
- If someone else on your management team is interested in attending, and there is space available, we might have them join for free.
- And… If your CIRP is one of those “Tactical” / “Technical” documents that proliferate in the industry, NIST (800-61 rev3) is recommending you upgrade your CIRP: “Revision 3 integrates incident response into broader cybersecurity risk management, emphasizing a strategic, ongoing, and business-aligned approach rather than a standalone technical lifecycle.” – I am conducting CIRP development workshops the week before the Advanced Program workshop.
More information on this topic is available on our Workshops page of this website.
Next week’s post: Why the (US) NIST says your “Technical / Tactical” CIRP is now insufficient…