The CISO Workshop is one of our Security Adoption Framework (SAF) workshops that are designed to help organizations modernize their security programs using Zero Trust strategy, security best practices, and real‑world lessons learned.
The workshop is designed to support security and technology leaders as they align security strategy with evolving business priorities, technology platforms, and the threat landscape.
Tip
Our Security Adoption Framework (SAF) workshops align with guidance in our structured security adoption model.
Expert-led workshops
We recommend participating in an expert-led CISO workshop to:
- Learn from Microsoft's internal security team and real-world engagements.
- Make informed decisions about security modernization, prioritize the right initiatives, and make sure that strategy is clearly connected to design and implementation across the business.
If you have Microsoft Unified, contact your Customer Success Account Manager (CSAM) to request an expert-led workshop delivery.
Workshop videos
If you're unable to organize an expert-led workshop, the workshop is available as a series of publicly available prerecorded videos summarized in this article. A PDF slide presentation of accompanying materials is also available for download/review.
Video - Introduction and overview
This video introduces the CISO workshop and provides an overview of its content.
Part A - Key context and fundamentals
These videos discuss threat trends, security role and responsibility evolution, and the recommended strategy and the strategic initiatives to structure your security transformation.
Threat environment and trends
Both the threat environment and the technical estates you operate are complex and constantly changing. Security must keep up with business and technology transformation, especially as ransomware and "as a service" models impact business.
Roles and responsibilities
This video discusses how the jobs to be done in security are evolving.
Strategy and recommended initiatives
This video discusses the Zero Trust transformation and modern security strategy that align to business goals, digital transformation, and cloud transformation. The five strategic initiatives in this video describe how to modernize your security program and capabilities using Zero Trust principles. This video also includes guidance on avoiding extreme approaches that result in increased risk – skipping security completely and overly restrictive security.
Part B - Business alignment
These videos discuss how to engage business leaders on security, align to business priorities and risks, integrate security in IT/Business and build business resilience.
Engaging business leaders on security
Engaging business leaders on security can be tricky. This video uses a role-playing approach to help security leaders take a straightforward approach with business leaders in their language. This video discusses attacks and risks in business language, recommendations for measuring security program success, and asking for key business leader support that security teams need. This conversation helps you position security as an enabler and a partner to the larger organization.
Risk insights
This video discusses how to align security priorities to business goals and existing risk management frameworks. This video covers security’s dual goal of enabling business and reducing risk, as well as the various cybersecurity risk sources (and how these threats mirror legitimate organizations).
Security integration
This video discusses how to successfully integrate security into IT and business processes and how to structure collaboration between security functions. It includes details on the emerging but critically important discipline of security posture management, which focuses on reducing risk with visibility and preventative controls.
Business resilience
Business resilience is the guiding principle of security programs. It reduces the business impact of cyberattacks by balancing security investments before, during, and after attacks.
Maturity model - Business alignment
This video reviews maturity models that describe the real-world journey to improve risk insights, security integration, and business resilience. It includes a discussion of specific concrete actions to help you move up to the next level.
Part C - Security disciplines
These videos discuss how to provide a clear structure for your security program by using five key security disciplines.
Access control
This video discusses the Zero Trust approach to access control. It includes strong authentication, blending identity and network access into a single approach, and the Known-Trusted-Allowed model.
Security operations
This video discusses modern security operations. It covers key success metrics, key touchpoints with business leaders and functions, and key cultural elements.
Asset Protection
This video covers key imperatives for teams that manage and secure assets, including prioritizing security based on business criticality and scaling efficiently across the large and growing set of assets in the technical estate.
Security Governance
This video describes security governance modernization and bridges the world of business goals and technology. It also covers the different components of security governance, including risk, compliance, security architecture, posture management, strategic threat intelligence, and more.
Innovation Security
This video discusses how application security evolves into a modern approach, including DevSecOps, and key focus areas to drive success of this capability.
Maturity Model - Security Governance
This video provides a review of the maturity model for the real-world journey to improve security architecture, posture management, and IT security maintenance. It includes a discussion of specific concrete actions to help you move these disciplines up to the next level.
Summary
Wrap-up of the workshop with key quick wins and next steps.
Next steps
There are a number of approaches to get started with security adoption. Review the options.