The Challenge

Is your security organization struggling with skills shortages, budgets, conflicting priorities, a complex IT security environment, a lack of stakeholder buy-in and internal customer adoption, or all of the above?

Statistics collected from surveys described in the book “Rational Cybersecurity for Business” show that on average:

  • There’s a 25% chance your organization will experience a data breach this year
  • 61% of security staff aren’t very satisfied with their current job
  • 69% of CISOs complain senior management does not buy in to security advice
  • 91% of CISOs find their role stressful

What if we fully accepted the notion that cybersecurity isn’t just a technical issue, it’s also a people and organizational challenge spanning the entire business?  Many security-related functions – legal, HR, compliance, audit, vendor management, and IT operations to name just a few – don’t report to the CISO. Security is an inherently cross-functional exercise requiring cross-functional teams. Unfortunately, according to the Harvard Business Review, 75% of cross-functional teams are “dysfunctional.”

However, the good news is that the same research found that with effective cross-functional governance, projects (including security!) could have a 76% success rate.

Simply put, by aligning with the business to improve security governance and culture, we can also increase senior management support and internal customer or stakeholder buy-in. We can reduce the odds of a breach in any given year. And we can do this in a way that increases job satisfaction across security teams, eases security leadership stresses, and enables the businesses they support.

The Solution

Based on the research and interviews conducted for “Rational Cybersecurity for Business,” the Rational Cybersecurity Workshop enables CISOs or security leaders to kick start or accelerate alignment through five key steps:

  • Gathering key security team members and stakeholders together
  • Familiarizing the audience with core cybersecurity-business alignment concepts
  • Facilitating rapid information exchange
  • Developing a short list of prioritized improvement objectives
  • Providing ongoing coaching

The workshop builds on the book “Rational Cybersecurity for Business.” The book already embeds a Success Plan Worksheet process through which readers can self-assess key security priorities and map out improvement projects for alignment. The Workshop can kick start or strengthen your efforts while engaging key team players and stakeholders in the process.






The Process

How the Rational Cybersecurity Workshop Process Works

Prep Call with Project Sponsor to:

  • Customize workshop Agenda and Objectives
  • Explain key workshop roles
  • Identify stakeholder invitees, small group leaders

Full or Half Day Workshop Agenda Includes:

  • Tailored Review of Cybersecurity-Business Alignment concepts and priorities
  • Lightning Round stakeholder information exchange
  • Small group mixers
  • Plan 3 to 5 Alignment or Improvement Objectives
  • Identify key goals, metrics, action items for Improvement Objectives

Strong Follow-Up with:

  • Executive Readout of Workshop Proceedings
  • Tailored Rational Cybersecurity Success Plan
  • Coaching and progress review at the 30-, 60-, and 90-day marks

Workshop Modules can be Tailored to Alignment Priorities

Develop and Govern a Healthy Security Culture
  • Define what Rational Cybersecurity means for your business
  • Clarify security-related business roles
  • Share ideas on ways to improve security communications, awareness, and stakeholder buy-in
Manage Risk in the Language of Business
  • Understand how to manage risk in the language of business
  • Explore current practices and requirements
  • Align expectations for the Risk Program
  • Share ideas on ways to improve risk-related communications
Establish a Control Baseline
  • Explore current and required control frameworks or baselines
  • Review control priorities and architectures
  • Share ideas on new lines of defense, shared responsibility, or control tuning models
Simplify and Rationalize IT and Security
  • Explore current (or de facto) IT strategy and security road map
  • Understand multi-cloud governance concepts
  • Align expectations for DevSecOps, security championship programs, or service catalogs
Control Access with Minimal Drag on the Business
  • Discover IAM initiatives, teams, and stakeholders
  • Evaluate IAM, privacy, and data governance situation
  • Explore current (or de facto) IAM strategy and roadmap
  • Align expectations for IAM team(s) and initiatives
Institute Cyber-Resilient Detection, Response, and Recovery
  • Explore current cyber-resilience initiatives, teams, and stakeholders
  • Evaluate contingency planning, security monitoring, and incident response capabilities
  • Share ideas on ways to coordinate monitoring, response, or recovery capabilities and roles

Or Tailored to Other Pressing Concerns or Projects

  • Security governance review or change
  • COVID-19 IT security refactoring
  • Internal security team alignment
  • Security Steering Committee Tune Up

Contact Us for a Sample Agenda


During these times of increased teleworking, we’ve optimized our methodology to conduct workshops 100% remotely.



At the conclusion of the workshop engagement, we provide your organization with:

Typical Alignment Outcomes

  • Buy-in among key team players and stakeholders on the need for change, or specific security initiatives
  • Alignment on 3-5 security program improvement objectives and your Rational Cybersecurity Success Plan
  • Increased probability that security projects will track the real business needs, succeed with cross-functional buy-in, reduce risk, and enable the business








Get Your Free Evaluation & Sample Workshop Agenda Today
