The CISO View
Module 1 introduces the concept of systems thinking and why it is useful in analyzing
cybersecurity operational challenges across the four sectors we will explore in this
course.
This course aims to show you important sectors impacted by cybersecurity issues -
Industry, Government, Military - and help you to begin to compare and contrast their
cultures, missions, operational challenges, and unique aspects of working in information
security within them.
Dr. Endicott-Popovsky has interviewed four very successful CISOs representing those
sectors. She will ask them the same questions about their career trajectories, their tool
kits, and their challenges. The intent is to present these "mentors" side-by-side so you
can draw some conclusions about how compatible you might be with a certain sector
approach.
Your job is to listen carefully, take notes using the provided template, and build a
takeaway document for yourself with valuable insights gained from these leaders.
True or False? Operationalizing cybersecurity involves all of the same measures, across the
sectors.
TRUE
FALSE
True or False? The military sector involves an almost purely technical approach to
cybersecurity.
True
False
TRUE
FALSE
What is systems thinking? Its evolution began several decades ago, but today's
accepted definition is a cognitive approach that attempts to look at the whole of a
system by better understanding its components and how they interact and impact each
other.
Peter Senge, a major thinker in the area, uses the analogy of a family when describing
systems thinking - emphasizing that inter-relatedness and shared impacts are at the
core of systems. One core concept of systems theory is that the whole is greater than
the sum of its parts. This could not be more true when it comes to conceptualizing the
whole of cybersecurity threat.
In this course, we will look at the interconnected yet disparate missions of Industry,
Government, Military and Academic sectors through this lens. This is an introduction, so
please consider there are many things to learn beyond this course, which is designed to
whet your appetite for thinking!
Introductory Resource - Peter Senge video and overview of the core concepts of systems
thinking
* Focus on this paper's Introduction, but if you are interested, continue to read the whole
paper.
HINT: Take a look at the Introduction to the MIT working paper by Hamid Salim. Consider
the writer's thesis in thinking about how a systems approach operates in this
context: [The] limitations of technical approaches are not because of inherent problems
with those approaches, but because technical approaches address only a subset of
cyber security risks.
For this course, you will benefit from the perspectives of four CISOs from very different sectors
(starting next, in Module 2): Industry, Academia, Military, and Government. The goal of this
course is to help you build your own decision-making matrix based on information about the
sectors’ tool kits – showing what the sectors demand in their tool kits, their missions, and how
they relate to job requirements.
You can then begin to compare the sectors’ requirements with your own talents and existing expertise,
and start to think about your “swim lane”.
As you watch each video, use this template to capture valuable insights toward an end goal to
build a matrix comparing and contrasting the sectors, at-a-glance.
Step 1: Take notes from the videos, tracking on the keywords and parallel structure of the interviews.
After each video, I suggest you take time to look at your notes and begin to gauge your comfort
level with the key distinguishing features of each sector. Try to align your talents, strengths,
passions and goals to the sector, and find areas where you might be challenged.
However, don’t be hasty! Take notes on all sectors before drawing deeper conclusions!
Step 2: Finalize your matrix for the sector, following the questions in the columns.
Step 3: Participate in the Peer and Self-Assessment exercises linked to each Module. The
assessments will guide you, and a rubric will be provided.
Reminder: Your final assessment for this course consists of the Knowledge Checks interspersed
throughout the course, and five of these peer and self-assessments. Remember to follow the guidelines in
providing your peers valuable input, and to review two peers.
What was the CISO’s career path?
Features of this Sector (Culture, practices, history, rule and tools) that make it unique, as pointed out by the CISO.
What did I find most compelling, surprising about this sector and this CISO's advice?
My early thoughts on this sector and my compatibility with it
Thinking Exercise 1
Systems thinking involves critical thinking in its need for openness, flexibility, and rigor.
In preparation for a brief peer-review exercise, please review this presentation, Be Like
Water: Applying Analytical Adaptability to Cyber Intelligence by Jay McAllister at a
2017 RSA conference.
Focus on the main elements and particularly on slide 29's organization around three
steps. Then, proceed to the Thinking Exercise.
This assignment has several steps. In the first step, you'll provide a response to the prompt. The
other steps appear below the Your Response field.
1. Your Response
due Jan 1, 2029 05:45 +0545
Enter your response to the prompt. You can save your progress and return to complete
your response at any time before the due date (Monday, Jan 1, 2029 05:45 +0545). After
you submit your response, you cannot edit it.
1. The prompt for this section
In the presentation you just reviewed, Be Like Water, the author lays out the core traits
of successful, effective cybersecurity thinkers. He ties these traits to the analytic
framework (slides 22-25), and the three-step process for holistically assessing threats
(slide 29).
Here, in an essay of 100 words or so (no more than a page, typed), describe what you
think the overlapping features of critical and systems thinking are in relationship to this
presentation's assertions. Consider a recent news story about a cyber attack or a
scenario with which you are professionally familiar, and apply 1-3 of the core features to
this scenario. How could a professional armed with a strong thinking style mitigate a
threat?
You will be asked to review two peers, and you will be reviewed by two peers. 20 points
possible.
domains of competency
True or False. Everyone in a corporate security organization reports directly to the CISO.
TRUE
FALSE
Multiple Choice
1 point possible (graded)
Boni notes that the T-Mobile cybersecurity technology office addresses emerging
technologies' _______________
basic structures
possible threats
What is unique to industry among the cybersecurity sectors, as related to mission focus? Check
all that apply.
public security
shareholder interest and brand protection
Consider this article about threats to the cyber security of the grocery industry from Forbes,
June 2017. The angle of the article is more from the business perspective, but what can
you pick out about how a cybersecurity plan should be operationalized given the threats
this industry faces?
Discussion Prompt:
Apply some systems thinking. What are the interconnected parts of this system? How is
the grocery industry related to society? What are its drivers that could impede a strong
cyber security strategy?
What did T-Mobile CISO Bill Boni point out in his interview that resonates here?
Here is a template you can use to build your matrix. You can continually add to one, or
you might prefer to create a separate chart for each sector. Regardless, at the end, you
should be able to see a high-level overview of your impressions as this course presents
the views from the top of four sector CISOs. This module, we begin with the Industry
perspective.
English degree
Military Police officer
Communications officer (many were converted to cybersecurity)
Driven by policy
Practices:
Tech: Technology specialists in high demand to support leadership. Leadership does not necessarily require technical expertise.
This Module, you begin the core assessment of the course - your peer and self-evaluation
of your building matrix of observations about the sector interviews. We start with
Industry. In this open response assignment, follow the steps carefully. Either upload a
PDF version of your matrix, or a summary of the category responses for peer and self-
evaluation. Use the provided Rubric to assess two peers.
While at the NASA Jet Propulsion Lab, Mike Hamilton was told he needed to work to secure
networks because the internet was starting to become ________________.
infiltrated
commodified
firewalls
Early in his career, Hamilton did a lot of ________________ that led to expertise.
hacking
experimentation
True or False. Hamilton has found policy to be a non-integral part of his work. It was the
technology experimentation and entrepreneurial spirit that led to his success.
TRUE
In operationalizing cybersecurity for a local government, it's important to adhere to the same
rules and regulations that govern at the federal level.
Somewhat true
Not true
Very true
Hamilton faced a crisis in his time with Seattle when attackers wanted to target
________________ who brokered purchases of power from other states when snow melt was
insufficient to feed the Seattle grid.
power marketers
Using the template provided earlier, either add to or create a fresh Government matrix
overview of your impressions after viewing the interview with Mike Hamilton. Then,
participate in the peer and self-assessment exercise.
This Module, you continue the core assessment of the course - your peer and self-
evaluation of your building matrix of observations about the sector interviews. We
continue with Government. In this open response assignment, follow the steps carefully.
Either upload a PDF version of your matrix, or a summary of the category responses for
peer and self-evaluation. Use the provided Rubric to assess two peers.
Colonel Gent Walsh got his start in his career as a(n) ________________.
English instructor
True
False
Walsh says military cybersecurity is organized around the OODA loop, which stands for
__________ _____________ ___________ ____________.
Observe, Orient, Decide, Act
Due to the way Department of Defense networks are configured, in the National Guard, the
approach is focused on ________________________.
enterprise management
firewall management
departmental specialization
When he says, "Our battlefield is at the front line of every corporate network," Walsh means
_______________________________.
the military focus should be only on protecting industry, because that is where the main
threat lies.
We can also, here in Discussion, ask for international perspectives. If you are a student
from a country other than the U.S., how do this strategy's core components and tone
compare to those of your home country (if a similar strategy is made public)?
Discuss: After viewing the interview with Col. Walsh, then reading this DoD strategy at a
high level, what is noticeable? To start, examine what the document and Col. Walsh say
about the military's core mission.
1. Using the template provided earlier, either add to or create a fresh Government matrix
overview of your impressions after viewing the interview with Mike Hamilton. Then, participate
in the peer and self-assessment exercise.
2.
PEER AND SELF-EVALUATION OF MATRIX - MILITARY
This Module, you continue the core assessment of the course - your peer and self-
evaluation of your building matrix of observations about the sector interviews. We
continue with Military. In this open response assignment, follow the steps carefully.
Either upload a PDF version of your matrix, or a summary of the category responses for
peer and self-evaluation. Use the provided Rubric to assess two peers.
After viewing ALL videos, compare and contrast the commonalities and differences in the tool kits
needed for each sector.
Synthesize your own takeaways from each sector (you can use the template below or create your own),
then participate in a final course discussion.
In the Discussion, tell your peers: My takeaway from the course videos and resources has led me to think
I might be most compatible with _______________(sector). Or, explain why you have not been able to
narrow to any particular sector. Where do you see yourself going?
Private industry
Government
Military